803e1e55154be4b37a2ff25e4d9ffa4d59348f872c2a02372fc17b86d92444c6

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f70cd28ff394c7386de264d0ff599020N.exe
Size

468KB
MD5

f70cd28ff394c7386de264d0ff599020
SHA1

cb51e6643978a069a110b932d13292c6d42242e1
SHA256

803e1e55154be4b37a2ff25e4d9ffa4d59348f872c2a02372fc17b86d92444c6
SHA512

371ab341b2c917d5f9cdd258119e2c6e8236a267ce278f88f1c86f49684c183a2bec4f69a064b0c1017c59e18dd69dadd222a9b77525531960ff288a6cdbeadf
SSDEEP

3072:MTANoSCVId5UtbYBPztjcf8/iCMvPgpwVmHeevsMP4n8LyyaQTlm:MTqoQbUtiPJjcfLcQeP48OyaQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2688	Unicorn-50980.exe
2692	Unicorn-60513.exe
2556	Unicorn-684.exe
2580	Unicorn-29315.exe
2532	Unicorn-64025.exe
2700	Unicorn-50290.exe
1136	Unicorn-4618.exe
2068	Unicorn-33922.exe
2112	Unicorn-14793.exe
2876	Unicorn-20924.exe
1852	Unicorn-20924.exe
2912	Unicorn-20924.exe
2864	Unicorn-29211.exe
2300	Unicorn-9610.exe
2788	Unicorn-63718.exe
1864	Unicorn-6157.exe
2192	Unicorn-5892.exe
768	Unicorn-24531.exe
1800	Unicorn-14709.exe
1012	Unicorn-6541.exe
432	Unicorn-29820.exe
1964	Unicorn-57092.exe
2128	Unicorn-485.exe
1944	Unicorn-16822.exe
1484	Unicorn-5124.exe
1196	Unicorn-58731.exe
920	Unicorn-2331.exe
1904	Unicorn-14169.exe
2452	Unicorn-29240.exe
712	Unicorn-10251.exe
1988	Unicorn-37984.exe
1688	Unicorn-2659.exe
1960	Unicorn-47029.exe
1632	Unicorn-47029.exe
1540	Unicorn-27922.exe
2656	Unicorn-27351.exe
2240	Unicorn-37237.exe
2020	Unicorn-843.exe
2540	Unicorn-20709.exe
2560	Unicorn-45213.exe
332	Unicorn-38123.exe
1268	Unicorn-24387.exe
624	Unicorn-11388.exe
2084	Unicorn-46099.exe
2732	Unicorn-52229.exe
2076	Unicorn-52229.exe
2928	Unicorn-16603.exe
2600	Unicorn-46675.exe
1764	Unicorn-60973.exe
2904	Unicorn-60973.exe
2748	Unicorn-41984.exe
3044	Unicorn-43483.exe
1564	Unicorn-6401.exe
1720	Unicorn-39074.exe
1232	Unicorn-23049.exe
2996	Unicorn-36120.exe
2392	Unicorn-24575.exe
2424	Unicorn-5285.exe
1544	Unicorn-57823.exe
2204	Unicorn-35239.exe
1620	Unicorn-29108.exe
1324	Unicorn-48622.exe
968	Unicorn-2950.exe
2196	Unicorn-37661.exe

Loads dropped DLL 64 IoCs

pid	Process
2756	f70cd28ff394c7386de264d0ff599020N.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2688	Unicorn-50980.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2688	Unicorn-50980.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2692	Unicorn-60513.exe
2692	Unicorn-60513.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2688	Unicorn-50980.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2688	Unicorn-50980.exe
2556	Unicorn-684.exe
2556	Unicorn-684.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
2692	Unicorn-60513.exe
2692	Unicorn-60513.exe
2688	Unicorn-50980.exe
2532	Unicorn-64025.exe
2532	Unicorn-64025.exe
2700	Unicorn-50290.exe
1136	Unicorn-4618.exe
2688	Unicorn-50980.exe
1136	Unicorn-4618.exe
2700	Unicorn-50290.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2556	Unicorn-684.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2556	Unicorn-684.exe
1916	WerFault.exe
2112	Unicorn-14793.exe
2112	Unicorn-14793.exe
2688	Unicorn-50980.exe
2300	Unicorn-9610.exe
2688	Unicorn-50980.exe
2300	Unicorn-9610.exe
2556	Unicorn-684.exe
2556	Unicorn-684.exe
2864	Unicorn-29211.exe
1852	Unicorn-20924.exe
2864	Unicorn-29211.exe
1852	Unicorn-20924.exe
2532	Unicorn-64025.exe
2532	Unicorn-64025.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2912	Unicorn-20924.exe
2756	f70cd28ff394c7386de264d0ff599020N.exe
2912	Unicorn-20924.exe
2068	Unicorn-33922.exe
2068	Unicorn-33922.exe
1136	Unicorn-4618.exe
1136	Unicorn-4618.exe
2876	Unicorn-20924.exe
2876	Unicorn-20924.exe
2692	Unicorn-60513.exe
2692	Unicorn-60513.exe
2700	Unicorn-50290.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1916	2580	WerFault.exe	33
3676	2536	WerFault.exe	129

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16603.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2756	f70cd28ff394c7386de264d0ff599020N.exe
2688	Unicorn-50980.exe
2692	Unicorn-60513.exe
2556	Unicorn-684.exe
2580	Unicorn-29315.exe
2700	Unicorn-50290.exe
2532	Unicorn-64025.exe
1136	Unicorn-4618.exe
2112	Unicorn-14793.exe
2876	Unicorn-20924.exe
2068	Unicorn-33922.exe
2864	Unicorn-29211.exe
2300	Unicorn-9610.exe
2912	Unicorn-20924.exe
1852	Unicorn-20924.exe
2788	Unicorn-63718.exe
1864	Unicorn-6157.exe
2192	Unicorn-5892.exe
768	Unicorn-24531.exe
1800	Unicorn-14709.exe
1012	Unicorn-6541.exe
432	Unicorn-29820.exe
1964	Unicorn-57092.exe
2128	Unicorn-485.exe
1944	Unicorn-16822.exe
1484	Unicorn-5124.exe
1196	Unicorn-58731.exe
1904	Unicorn-14169.exe
920	Unicorn-2331.exe
2452	Unicorn-29240.exe
712	Unicorn-10251.exe
1988	Unicorn-37984.exe
1960	Unicorn-47029.exe
1688	Unicorn-2659.exe
1632	Unicorn-47029.exe
2656	Unicorn-27351.exe
1540	Unicorn-27922.exe
2240	Unicorn-37237.exe
2020	Unicorn-843.exe
2540	Unicorn-20709.exe
624	Unicorn-11388.exe
1268	Unicorn-24387.exe
332	Unicorn-38123.exe
2560	Unicorn-45213.exe
2732	Unicorn-52229.exe
2084	Unicorn-46099.exe
2076	Unicorn-52229.exe
2928	Unicorn-16603.exe
2600	Unicorn-46675.exe
1764	Unicorn-60973.exe
2904	Unicorn-60973.exe
2748	Unicorn-41984.exe
3044	Unicorn-43483.exe
1564	Unicorn-6401.exe
1720	Unicorn-39074.exe
1232	Unicorn-23049.exe
2996	Unicorn-36120.exe
2392	Unicorn-24575.exe
1544	Unicorn-57823.exe
2424	Unicorn-5285.exe
2204	Unicorn-35239.exe
1620	Unicorn-29108.exe
2196	Unicorn-37661.exe
968	Unicorn-2950.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2688	2756	f70cd28ff394c7386de264d0ff599020N.exe	30
PID 2756 wrote to memory of 2688	2756	f70cd28ff394c7386de264d0ff599020N.exe	30
PID 2756 wrote to memory of 2688	2756	f70cd28ff394c7386de264d0ff599020N.exe	30
PID 2756 wrote to memory of 2688	2756	f70cd28ff394c7386de264d0ff599020N.exe	30
PID 2688 wrote to memory of 2692	2688	Unicorn-50980.exe	31
PID 2688 wrote to memory of 2692	2688	Unicorn-50980.exe	31
PID 2688 wrote to memory of 2692	2688	Unicorn-50980.exe	31
PID 2688 wrote to memory of 2692	2688	Unicorn-50980.exe	31
PID 2756 wrote to memory of 2556	2756	f70cd28ff394c7386de264d0ff599020N.exe	32
PID 2756 wrote to memory of 2556	2756	f70cd28ff394c7386de264d0ff599020N.exe	32
PID 2756 wrote to memory of 2556	2756	f70cd28ff394c7386de264d0ff599020N.exe	32
PID 2756 wrote to memory of 2556	2756	f70cd28ff394c7386de264d0ff599020N.exe	32
PID 2692 wrote to memory of 2580	2692	Unicorn-60513.exe	33
PID 2692 wrote to memory of 2580	2692	Unicorn-60513.exe	33
PID 2692 wrote to memory of 2580	2692	Unicorn-60513.exe	33
PID 2692 wrote to memory of 2580	2692	Unicorn-60513.exe	33
PID 2756 wrote to memory of 2532	2756	f70cd28ff394c7386de264d0ff599020N.exe	34
PID 2756 wrote to memory of 2532	2756	f70cd28ff394c7386de264d0ff599020N.exe	34
PID 2756 wrote to memory of 2532	2756	f70cd28ff394c7386de264d0ff599020N.exe	34
PID 2756 wrote to memory of 2532	2756	f70cd28ff394c7386de264d0ff599020N.exe	34
PID 2688 wrote to memory of 2700	2688	Unicorn-50980.exe	35
PID 2688 wrote to memory of 2700	2688	Unicorn-50980.exe	35
PID 2688 wrote to memory of 2700	2688	Unicorn-50980.exe	35
PID 2688 wrote to memory of 2700	2688	Unicorn-50980.exe	35
PID 2556 wrote to memory of 1136	2556	Unicorn-684.exe	36
PID 2556 wrote to memory of 1136	2556	Unicorn-684.exe	36
PID 2556 wrote to memory of 1136	2556	Unicorn-684.exe	36
PID 2556 wrote to memory of 1136	2556	Unicorn-684.exe	36
PID 2580 wrote to memory of 1916	2580	Unicorn-29315.exe	37
PID 2580 wrote to memory of 1916	2580	Unicorn-29315.exe	37
PID 2580 wrote to memory of 1916	2580	Unicorn-29315.exe	37
PID 2580 wrote to memory of 1916	2580	Unicorn-29315.exe	37
PID 2692 wrote to memory of 2068	2692	Unicorn-60513.exe	38
PID 2692 wrote to memory of 2068	2692	Unicorn-60513.exe	38
PID 2692 wrote to memory of 2068	2692	Unicorn-60513.exe	38
PID 2692 wrote to memory of 2068	2692	Unicorn-60513.exe	38
PID 2532 wrote to memory of 1852	2532	Unicorn-64025.exe	40
PID 2532 wrote to memory of 1852	2532	Unicorn-64025.exe	40
PID 2532 wrote to memory of 1852	2532	Unicorn-64025.exe	40
PID 2532 wrote to memory of 1852	2532	Unicorn-64025.exe	40
PID 2688 wrote to memory of 2112	2688	Unicorn-50980.exe	39
PID 2688 wrote to memory of 2112	2688	Unicorn-50980.exe	39
PID 2688 wrote to memory of 2112	2688	Unicorn-50980.exe	39
PID 2688 wrote to memory of 2112	2688	Unicorn-50980.exe	39
PID 1136 wrote to memory of 2912	1136	Unicorn-4618.exe	42
PID 1136 wrote to memory of 2912	1136	Unicorn-4618.exe	42
PID 1136 wrote to memory of 2912	1136	Unicorn-4618.exe	42
PID 1136 wrote to memory of 2912	1136	Unicorn-4618.exe	42
PID 2700 wrote to memory of 2876	2700	Unicorn-50290.exe	41
PID 2700 wrote to memory of 2876	2700	Unicorn-50290.exe	41
PID 2700 wrote to memory of 2876	2700	Unicorn-50290.exe	41
PID 2700 wrote to memory of 2876	2700	Unicorn-50290.exe	41
PID 2756 wrote to memory of 2864	2756	f70cd28ff394c7386de264d0ff599020N.exe	43
PID 2756 wrote to memory of 2864	2756	f70cd28ff394c7386de264d0ff599020N.exe	43
PID 2756 wrote to memory of 2864	2756	f70cd28ff394c7386de264d0ff599020N.exe	43
PID 2756 wrote to memory of 2864	2756	f70cd28ff394c7386de264d0ff599020N.exe	43
PID 2556 wrote to memory of 2300	2556	Unicorn-684.exe	44
PID 2556 wrote to memory of 2300	2556	Unicorn-684.exe	44
PID 2556 wrote to memory of 2300	2556	Unicorn-684.exe	44
PID 2556 wrote to memory of 2300	2556	Unicorn-684.exe	44
PID 2112 wrote to memory of 2788	2112	Unicorn-14793.exe	45
PID 2112 wrote to memory of 2788	2112	Unicorn-14793.exe	45
PID 2112 wrote to memory of 2788	2112	Unicorn-14793.exe	45
PID 2112 wrote to memory of 2788	2112	Unicorn-14793.exe	45

C:\Users\Admin\AppData\Local\Temp\f70cd28ff394c7386de264d0ff599020N.exe
"C:\Users\Admin\AppData\Local\Temp\f70cd28ff394c7386de264d0ff599020N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        7⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        7⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61870.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        8⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        7⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        6⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        5⤵
        
        PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10066.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        6⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        7⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        6⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
        6⤵
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        5⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
      4⤵
      PID:7124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        7⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42714.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        7⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        5⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        5⤵
        
        PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        5⤵
        
        PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        6⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        5⤵
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
      4⤵
      PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
      4⤵
      PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
      4⤵
      PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        6⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        5⤵
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        5⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      4⤵
      PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
      4⤵
      PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
    3⤵
    PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
      4⤵
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
      4⤵
      PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
    3⤵
    PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
    3⤵
    PID:7028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        7⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        7⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
      4⤵
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        7⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        6⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        7⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      4⤵
      PID:6852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45529.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29461.exe
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
      4⤵
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
      4⤵
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27351.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
      4⤵
      PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
    3⤵
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
      4⤵
      PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
    3⤵
    PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
    3⤵
    PID:7116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        6⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46147.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3314.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41009.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
      4⤵
      PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        5⤵
        Program crash
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        5⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        5⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
    3⤵
    PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
    3⤵
    PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
    3⤵
    PID:5356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        6⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        5⤵
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55449.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
      4⤵
      PID:6312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
      4⤵
      PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      4⤵
      PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
    3⤵
    PID:5440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
    3⤵
    PID:5296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12940.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
      4⤵
      PID:5636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
    3⤵
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      4⤵
      PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
    3⤵
    PID:7136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
    3⤵
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
      4⤵
      PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
    3⤵
    PID:6544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
    3⤵
    PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
    3⤵
    PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
    3⤵
    PID:956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
  2⤵
  PID:4608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
  2⤵
  PID:5908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19632.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe

Filesize
468KB

MD5
684b8ab0350cb254e317fa6bf6756a7a

SHA1
e6967d14c14a49f610714a531de5483e6acdbd18

SHA256
9a09537bd0ec1fd7b9238522ddd7574d901c003cd311a4ba7b3ae07dd11b3d60

SHA512
31a5e89d02392387efc0e748d66a8feb67aef6a79bc1e816a9e875d3fb5947b0ab1d8f8f94e7ce5efbd7074e8adeec3c0daebeb2211a15704beee729a6cfc23f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe

Filesize
468KB

MD5
5dc18ec6e8b3875588c28fe3527a0311

SHA1
0100d30174edbd3d9bbdc82501ebc5f0e7339f6e

SHA256
213edde0dd2f0c8b4df793b8edddb0e4b322e67dd13a69168fd360a23d029e11

SHA512
3bb6def9fc9c71324f879c521ccb2bf65525cd152a8142eb3c8f9c7d1c4d0465c58ac82fa316e32a2e10c75090f6d14ac54fe59e2b418b4f829e76c3e3c2a1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe

Filesize
468KB

MD5
17f473eb06835467d126162280b01e24

SHA1
ee148d6ed1ef0b533b23fb07860f9a59c76188b5

SHA256
8b62265ea7b739cddfda377f063aa805971dbaa5a8f81b35b4147b20f74fc1d3

SHA512
393db631eb0c062410fb0eca398d1a4e975f5a01743cd9ae7c498b180979bb5cb6548562aa62f1b6027d17be81feef24f1850da163048407921b1d6099d021eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe

Filesize
468KB

MD5
8d05305e75c5829319d8da01d2f772ef

SHA1
315357c767c02e8f05c80c8bd55bcb4292f679cc

SHA256
195dd9ff5d52f820e454d2213bd904f42a025a7d2bde635d590451608c57d2d1

SHA512
08f2acc732bd157d45bcb9f44ff642954c03abb6a4a9746351cec68343b7d1882397d5203513a78e3e864949eea7812847fb06367392b70cf480beff855cd7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe

Filesize
468KB

MD5
48a672fa23daa6cf471893fc270e3954

SHA1
f3233c4bda0b0fddf925e1a75da3971a64497594

SHA256
e5735a83e1f46fd5af12697734ca33c3353b86357d76bc674c43431a001fdc1e

SHA512
71d8e267dad8278c9e35030c22246d8ef23c9031fcf15ab1a1571005c1f9afb1f2dc7e8aba11918fc4e636f86ecefbff6efd252d5093e884a4f54a901387baa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe

Filesize
468KB

MD5
76b50a5625e102961d72a2d7bea55d6d

SHA1
ae3ead6bbe6c6523c9299c7c03ba7215a43067ca

SHA256
bf10f025161d3be31cd666ef7d5dabd5622fd5b153f36c7ee46d712a5786d8a0

SHA512
2a3bafe4ad02c7ceec4e4e434cd6dd7582ba0d3b5314fe8fee93ea236cbde828fbb41a524f5a647f3e7b7d9ac64edf30ba27a0ea872a04aa7862854e910639a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe

Filesize
468KB

MD5
13b1252952a0f0b3b81badd4e3e830a4

SHA1
a11ffcf53b6508b5fe37e3414bdbf50c90090339

SHA256
6c0b1f7c153ecfb96b0d077f499809c3f87de25001ed7b69ac91ce36a670955e

SHA512
f653eae3ce4d56478cf109dddd5fce43327211878c6eeb6551c078f08bd7f8c8637432a703ebc58e51271e15dd2bde8efd1ab041429133f17070b0c1f4106fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe

Filesize
468KB

MD5
629579df6aeed99373d8f92e494a2fd0

SHA1
fecacac21a721673e58c30b9cb9acf3535a77123

SHA256
b5caa95cafab89a79ce4c8abeef3783d2e386007380837dfa6112041a732016f

SHA512
9cd4cfb656b180688ebc4c185b3f64b41a751e0708b167ef2687467aca7b006415a998b7ebec43c04174ce662c639f6fcd8d92e0ae5e16381b3ce862680e7c2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe

Filesize
468KB

MD5
262dabfb928ce63f0643086caaccacbc

SHA1
dc99b6f3c53c5f4f4a039e502e9dd363f503a1eb

SHA256
43010b0556c073b7fff98ce1272892856ef79a6c06ed4517b969c74669d9355f

SHA512
5afa6dee589f03f9917507d8c06a081bcec2e9ec112dfe3a8a54cc10f125904d9881ce017421bf05c67c4451a2c9d0a36cab6bdb00460e0d6f29e0cdd6c95fdb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe

Filesize
468KB

MD5
852fa70f8a9d1125b3a354c6e57697b4

SHA1
c2291a6203d65f7df91c6633ebc0c39d25b6e3e7

SHA256
d5da2d09180c5dcdbaeab984131dd567d6bbb3800291a53a8f4c36766bf51035

SHA512
0f4a28f69437764c0b36513d94894330ec3f190dd582d63b26f8a9cee0fb7c4d2754a8f03c7b8a8dd8b278d8f65fd24c89213e773503b87e6072639a774d0be5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4618.exe

Filesize
468KB

MD5
bbe873a707ed32be04d90d31a27609cb

SHA1
4c50242538c5ba33b39a30b6672da7ae5829bcbc

SHA256
df84a21583b0826fd00fbe06172bb4f0a339af6a1c9bcba368c441d4ed62d770

SHA512
014d2b633dde01124e622fdc2c639577964203723b386cd5baa58beb9a26e04d46e938a12cad9bdec4e5b6acc2f0f07ad4cd0231e7ffafcf4e2e192ab184556b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50980.exe

Filesize
468KB

MD5
424dc9a49c06994f178f7cb99a9b51ee

SHA1
6767c307e2911d5c7d2739805a75a30ce1ffb261

SHA256
d2f2e20cca52e9ac611093f8391fe208a360bd5cd8e5e5b1ced4bc42721220a7

SHA512
84c459d63601d9101b610cb3fabb8377c69ecab51d639427df6e119906b094a46e2df584ae14fd8cf1a4ced74424656719a58e28ddb70b9746c42d582542a15d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe

Filesize
468KB

MD5
f77a744cb93bbe984eae3aee0590722e

SHA1
68f7c0341a9997ec9d802fa6704dcd148bf6a41e

SHA256
19bf868c3dd3626764542a175db1f778044da43ce9a419f543ec5d3fb5f87129

SHA512
e058ecdc7b26e88eb5d4ec1f2409bc5c695e3af1c26e7d5dfba1dcf96d3f4594429660730488bedfab3745746fe2d1f1792d29c4993b8caf35606f176e3f3fb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe

Filesize
468KB

MD5
16a128bb8cc1f6c6adce97b1b9cbe3bd

SHA1
a8fbd367b4f18bfd72a3a28d658f1f2bfbe608c5

SHA256
37e07a26f1967fe31dfe5dcc1a79bfda47f8b72fc5d596290082d3cf1d2bea14

SHA512
df88f2aa3f867e5e80a4a58f44e2866050f43187f65299b21aa3e02f099b24add9c9cc33be3428f336a1c297476cd4948f1a2990ead817abe2930f6f4af4d352

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe

Filesize
468KB

MD5
80f3df6b2e67a8d31a3802165621ed4e

SHA1
7f46901f082686a681e7da0601e87cb594246efa

SHA256
60c05e104fa67c8812b0c7dac21a3df66cf3cfe7ef2ff2f9e00fbdcfaa0a227d

SHA512
6d969873afb72811f61c56e76aee3693638de4774e6ec0693f8fcbb26c3a6fee75076363b4dbe7d22de4711afe7d5b8ad2f994c23a2e5c8c8f6e0718e1f6d9bf

Download Submit