b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
Size

468KB
MD5

9b64a8fe7936b2d9a61bdd6ffe38d96e
SHA1

41bc76692d4bad12f2fbdc2324e9311dd196544d
SHA256

b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794
SHA512

c3a3b4c812fc3902002fd3254ab7e28f0044d8b6b659a90c14057f176591fb5fae78b3802aaa01b812e4d6926b1eb8a3cbec774abf88b9ecbe2894a1d568a00c
SSDEEP

3072:ToA1ogYnI05psbYnPz4jef8/ECxvkgpXcmHe6Vs/rYWTHMruktlx:ToCom8pskPEjefRcmnrYwsruk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3004	Unicorn-22007.exe
860	Unicorn-24667.exe
2064	Unicorn-12092.exe
2548	Unicorn-20189.exe
2628	Unicorn-48647.exe
2096	Unicorn-47307.exe
2212	Unicorn-53437.exe
2084	Unicorn-60770.exe
2784	Unicorn-65051.exe
2868	Unicorn-26178.exe
2536	Unicorn-20340.exe
2908	Unicorn-20074.exe
1108	Unicorn-3126.exe
532	Unicorn-23358.exe
588	Unicorn-9623.exe
2348	Unicorn-9211.exe
2160	Unicorn-55075.exe
1088	Unicorn-44790.exe
2292	Unicorn-54695.exe
964	Unicorn-19513.exe
2316	Unicorn-41089.exe
968	Unicorn-35574.exe
636	Unicorn-35574.exe
2360	Unicorn-61458.exe
1792	Unicorn-61723.exe
1368	Unicorn-16856.exe
1540	Unicorn-9185.exe
1740	Unicorn-43782.exe
1732	Unicorn-49912.exe
2464	Unicorn-23960.exe
1004	Unicorn-63487.exe
2296	Unicorn-60099.exe
1144	Unicorn-49383.exe
3000	Unicorn-36768.exe
2192	Unicorn-36768.exe
2744	Unicorn-37271.exe
2808	Unicorn-17670.exe
2728	Unicorn-22269.exe
2664	Unicorn-46315.exe
2020	Unicorn-52445.exe
2604	Unicorn-291.exe
1296	Unicorn-53021.exe
2184	Unicorn-50731.exe
2660	Unicorn-9113.exe
2852	Unicorn-37955.exe
2792	Unicorn-40058.exe
2900	Unicorn-3363.exe
2060	Unicorn-17391.exe
2532	Unicorn-41158.exe
2924	Unicorn-26439.exe
1780	Unicorn-42191.exe
2220	Unicorn-42191.exe
2152	Unicorn-48554.exe
1432	Unicorn-25196.exe
2120	Unicorn-5330.exe
2112	Unicorn-58444.exe
2180	Unicorn-38578.exe
864	Unicorn-60016.exe
1040	Unicorn-14344.exe
1464	Unicorn-56730.exe
340	Unicorn-2087.exe
1520	Unicorn-56620.exe
2432	Unicorn-5686.exe
564	Unicorn-65093.exe

Loads dropped DLL 64 IoCs

pid	Process
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
3004	Unicorn-22007.exe
3004	Unicorn-22007.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
860	Unicorn-24667.exe
860	Unicorn-24667.exe
3004	Unicorn-22007.exe
3004	Unicorn-22007.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2064	Unicorn-12092.exe
2064	Unicorn-12092.exe
2548	Unicorn-20189.exe
2548	Unicorn-20189.exe
860	Unicorn-24667.exe
860	Unicorn-24667.exe
2096	Unicorn-47307.exe
2096	Unicorn-47307.exe
2628	Unicorn-48647.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2628	Unicorn-48647.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2212	Unicorn-53437.exe
2212	Unicorn-53437.exe
3004	Unicorn-22007.exe
2064	Unicorn-12092.exe
3004	Unicorn-22007.exe
2064	Unicorn-12092.exe
2084	Unicorn-60770.exe
2084	Unicorn-60770.exe
2548	Unicorn-20189.exe
2548	Unicorn-20189.exe
2784	Unicorn-65051.exe
2784	Unicorn-65051.exe
860	Unicorn-24667.exe
860	Unicorn-24667.exe
2868	Unicorn-26178.exe
2868	Unicorn-26178.exe
2096	Unicorn-47307.exe
2096	Unicorn-47307.exe
2536	Unicorn-20340.exe
2536	Unicorn-20340.exe
532	Unicorn-23358.exe
532	Unicorn-23358.exe
3004	Unicorn-22007.exe
2628	Unicorn-48647.exe
2908	Unicorn-20074.exe
588	Unicorn-9623.exe
2908	Unicorn-20074.exe
3004	Unicorn-22007.exe
2628	Unicorn-48647.exe
588	Unicorn-9623.exe
2064	Unicorn-12092.exe
2064	Unicorn-12092.exe
1108	Unicorn-3126.exe
1108	Unicorn-3126.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
2212	Unicorn-53437.exe
2212	Unicorn-53437.exe
1564	WerFault.exe
1564	WerFault.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1564	2464	WerFault.exe	59
2584	2508	WerFault.exe	99
3436	1684	WerFault.exe	95

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25676.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
3004	Unicorn-22007.exe
860	Unicorn-24667.exe
2064	Unicorn-12092.exe
2548	Unicorn-20189.exe
2628	Unicorn-48647.exe
2212	Unicorn-53437.exe
2096	Unicorn-47307.exe
2084	Unicorn-60770.exe
2784	Unicorn-65051.exe
2868	Unicorn-26178.exe
2536	Unicorn-20340.exe
1108	Unicorn-3126.exe
532	Unicorn-23358.exe
2908	Unicorn-20074.exe
588	Unicorn-9623.exe
2348	Unicorn-9211.exe
1088	Unicorn-44790.exe
2160	Unicorn-55075.exe
2292	Unicorn-54695.exe
964	Unicorn-19513.exe
2316	Unicorn-41089.exe
636	Unicorn-35574.exe
968	Unicorn-35574.exe
1368	Unicorn-16856.exe
2360	Unicorn-61458.exe
1792	Unicorn-61723.exe
1740	Unicorn-43782.exe
1540	Unicorn-9185.exe
2464	Unicorn-23960.exe
1732	Unicorn-49912.exe
1004	Unicorn-63487.exe
2296	Unicorn-60099.exe
1144	Unicorn-49383.exe
3000	Unicorn-36768.exe
2192	Unicorn-36768.exe
2808	Unicorn-17670.exe
2020	Unicorn-52445.exe
2664	Unicorn-46315.exe
2744	Unicorn-37271.exe
2604	Unicorn-291.exe
2728	Unicorn-22269.exe
1296	Unicorn-53021.exe
2660	Unicorn-9113.exe
2184	Unicorn-50731.exe
2852	Unicorn-37955.exe
2792	Unicorn-40058.exe
2900	Unicorn-3363.exe
2060	Unicorn-17391.exe
2532	Unicorn-41158.exe
2924	Unicorn-26439.exe
1780	Unicorn-42191.exe
2220	Unicorn-42191.exe
2152	Unicorn-48554.exe
2180	Unicorn-38578.exe
2112	Unicorn-58444.exe
2120	Unicorn-5330.exe
1432	Unicorn-25196.exe
864	Unicorn-60016.exe
1040	Unicorn-14344.exe
1464	Unicorn-56730.exe
340	Unicorn-2087.exe
1520	Unicorn-56620.exe
2432	Unicorn-5686.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3004	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	30
PID 2748 wrote to memory of 3004	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	30
PID 2748 wrote to memory of 3004	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	30
PID 2748 wrote to memory of 3004	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	30
PID 3004 wrote to memory of 860	3004	Unicorn-22007.exe	31
PID 3004 wrote to memory of 860	3004	Unicorn-22007.exe	31
PID 3004 wrote to memory of 860	3004	Unicorn-22007.exe	31
PID 3004 wrote to memory of 860	3004	Unicorn-22007.exe	31
PID 2748 wrote to memory of 2064	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	32
PID 2748 wrote to memory of 2064	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	32
PID 2748 wrote to memory of 2064	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	32
PID 2748 wrote to memory of 2064	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	32
PID 860 wrote to memory of 2548	860	Unicorn-24667.exe	33
PID 860 wrote to memory of 2548	860	Unicorn-24667.exe	33
PID 860 wrote to memory of 2548	860	Unicorn-24667.exe	33
PID 860 wrote to memory of 2548	860	Unicorn-24667.exe	33
PID 3004 wrote to memory of 2628	3004	Unicorn-22007.exe	34
PID 3004 wrote to memory of 2628	3004	Unicorn-22007.exe	34
PID 3004 wrote to memory of 2628	3004	Unicorn-22007.exe	34
PID 3004 wrote to memory of 2628	3004	Unicorn-22007.exe	34
PID 2748 wrote to memory of 2096	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	35
PID 2748 wrote to memory of 2096	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	35
PID 2748 wrote to memory of 2096	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	35
PID 2748 wrote to memory of 2096	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	35
PID 2064 wrote to memory of 2212	2064	Unicorn-12092.exe	36
PID 2064 wrote to memory of 2212	2064	Unicorn-12092.exe	36
PID 2064 wrote to memory of 2212	2064	Unicorn-12092.exe	36
PID 2064 wrote to memory of 2212	2064	Unicorn-12092.exe	36
PID 2548 wrote to memory of 2084	2548	Unicorn-20189.exe	37
PID 2548 wrote to memory of 2084	2548	Unicorn-20189.exe	37
PID 2548 wrote to memory of 2084	2548	Unicorn-20189.exe	37
PID 2548 wrote to memory of 2084	2548	Unicorn-20189.exe	37
PID 860 wrote to memory of 2784	860	Unicorn-24667.exe	38
PID 860 wrote to memory of 2784	860	Unicorn-24667.exe	38
PID 860 wrote to memory of 2784	860	Unicorn-24667.exe	38
PID 860 wrote to memory of 2784	860	Unicorn-24667.exe	38
PID 2096 wrote to memory of 2868	2096	Unicorn-47307.exe	39
PID 2096 wrote to memory of 2868	2096	Unicorn-47307.exe	39
PID 2096 wrote to memory of 2868	2096	Unicorn-47307.exe	39
PID 2096 wrote to memory of 2868	2096	Unicorn-47307.exe	39
PID 2628 wrote to memory of 2536	2628	Unicorn-48647.exe	40
PID 2628 wrote to memory of 2536	2628	Unicorn-48647.exe	40
PID 2628 wrote to memory of 2536	2628	Unicorn-48647.exe	40
PID 2628 wrote to memory of 2536	2628	Unicorn-48647.exe	40
PID 2748 wrote to memory of 2908	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	41
PID 2748 wrote to memory of 2908	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	41
PID 2748 wrote to memory of 2908	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	41
PID 2748 wrote to memory of 2908	2748	b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe	41
PID 2212 wrote to memory of 1108	2212	Unicorn-53437.exe	42
PID 2212 wrote to memory of 1108	2212	Unicorn-53437.exe	42
PID 2212 wrote to memory of 1108	2212	Unicorn-53437.exe	42
PID 2212 wrote to memory of 1108	2212	Unicorn-53437.exe	42
PID 3004 wrote to memory of 532	3004	Unicorn-22007.exe	43
PID 3004 wrote to memory of 532	3004	Unicorn-22007.exe	43
PID 3004 wrote to memory of 532	3004	Unicorn-22007.exe	43
PID 3004 wrote to memory of 532	3004	Unicorn-22007.exe	43
PID 2064 wrote to memory of 588	2064	Unicorn-12092.exe	44
PID 2064 wrote to memory of 588	2064	Unicorn-12092.exe	44
PID 2064 wrote to memory of 588	2064	Unicorn-12092.exe	44
PID 2064 wrote to memory of 588	2064	Unicorn-12092.exe	44
PID 2084 wrote to memory of 2348	2084	Unicorn-60770.exe	45
PID 2084 wrote to memory of 2348	2084	Unicorn-60770.exe	45
PID 2084 wrote to memory of 2348	2084	Unicorn-60770.exe	45
PID 2084 wrote to memory of 2348	2084	Unicorn-60770.exe	45

C:\Users\Admin\AppData\Local\Temp\b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe
"C:\Users\Admin\AppData\Local\Temp\b898444268c1b62d22dc7665d433a24bc8bc2e3038b98235b426eccdbb5b9794.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7999.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        8⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        9⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        7⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        6⤵
        Executes dropped EXE
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        6⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        6⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        6⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        6⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        6⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        7⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        5⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        5⤵
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        8⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42041.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
        5⤵
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 200
        6⤵
        Program crash
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        5⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        7⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        6⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        5⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        6⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13232.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe
      4⤵
      PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62345.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        7⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        6⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        6⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33660.exe
        6⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        7⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        5⤵
        
        PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        5⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        6⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        5⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
      4⤵
      PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
      4⤵
      PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      4⤵
      PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        6⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        5⤵
        
        PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37955.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28999.exe
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
      4⤵
      PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
      4⤵
      PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
    3⤵
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
      4⤵
      PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      4⤵
      PID:7920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
    3⤵
    PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
    3⤵
    PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
    3⤵
    PID:7268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        7⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        6⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        5⤵
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
      4⤵
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        5⤵
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
      4⤵
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
      4⤵
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        5⤵
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        6⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        5⤵
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28784.exe
        6⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        5⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        5⤵
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
      4⤵
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64352.exe
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
      4⤵
      PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      4⤵
      PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
      4⤵
      PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
      4⤵
      PID:7904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        5⤵
        
        PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
      4⤵
      PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12464.exe
      4⤵
      PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
      4⤵
      PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
    3⤵
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
      4⤵
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
      4⤵
      PID:7252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
    3⤵
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
    3⤵
    PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
    3⤵
    PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
    3⤵
    PID:6508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        6⤵
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        5⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        6⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        5⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        5⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17537.exe
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        5⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      4⤵
      PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
      4⤵
      PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      4⤵
      PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        6⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
      4⤵
      PID:7532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      4⤵
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
      4⤵
      PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
      4⤵
      PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34322.exe
    3⤵
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
      4⤵
      PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
    3⤵
    PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
    3⤵
    PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
    3⤵
    PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
    3⤵
    PID:7812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40690.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
        6⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        5⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2529.exe
        5⤵
        
        PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
      4⤵
      PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
      4⤵
      PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        5⤵
        
        PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
      4⤵
      PID:7504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
    3⤵
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
      4⤵
      PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
      4⤵
      PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
    3⤵
    PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
    3⤵
    PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
    3⤵
    PID:7868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
  2⤵
  PID:6096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
  2⤵
  PID:6764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
  2⤵
  PID:7940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe

Filesize
468KB

MD5
1470c2db8e65154a8dd4e3adc14de96c

SHA1
0468ef6cc7a34f03b94cf27da3c59135e1414c99

SHA256
ba59cde4056ff432f9f59669b9fb6afad61dab71d2598c9086643cdfcfd09992

SHA512
5379c169181b488586d4378de3fb582f0cf033cbedf371f8a02780540af2d40ad396f42c67602460ca648a8fb0fbe56609dc9d22bedb065dc42ef7833a042226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe

Filesize
468KB

MD5
d56130610103d6e35cff276c3cb48ff8

SHA1
9417ae7b0174aec3d3a289eac3535b0ce2ba9dec

SHA256
2f7bdcaad60b1407b3f598276455e9377ad7dc7d57d00b3aafc4d9bda44804d8

SHA512
47679237e31b228a4483ca83923326195cd39b62516987940cd8bb4e63884a1f00b4c66e2daa3d2d5bb5b14c111b4f1921825c9df3dfb0c0f4cfb6a5b5157d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe

Filesize
468KB

MD5
91c463e1cf26c27f0a83d35522c6b215

SHA1
844b2c47c9064f7170a4a0f2ae6eb138faec3cac

SHA256
32c595b29b271989dc851890c4976263f4c1407ddd51c48ea380ae2f93c76daa

SHA512
59ab3f404c0777244288fd72466d63bb8fc1065708f06e6c20a6aeba3ff92fc6ae92c5849bb170b18b5c5b0b9f484599abd3cba97da668db8e0e1b094606ed83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe

Filesize
468KB

MD5
739c0b4db7935afcc9c6d9b9fcf18d60

SHA1
cee3cb1f5b6ad84100e00afc68a37f46deee2b92

SHA256
98e45857334bca454642fff8cabd9a4b381759f2926b388e7b7f264e2d4232be

SHA512
af6e31bd1450b25188e6d5aee9d4c775bba87da02cf2515cc9d17079585878dcbb795d751f86422d3b3092c714cc333f6a334101edf92e9eda6b703512424357

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26009.exe

Filesize
468KB

MD5
1ac7d77e094ca3c2efce3831004417e0

SHA1
549bebd50cf1c93d4a1d839664068e1fe2f3274c

SHA256
969883e951421562371b7089928bd281ed2c51dce087c2186461572bc8f42f80

SHA512
8996d7fdabb95246cef3947179380513d5cee2d667d73ed14526fb7b36b94fcd4cfb9a8d2527d062fc8f2a9350a33cfeff4b8873c4c7482b78e9ff2c54739915

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe

Filesize
468KB

MD5
7335443ba08a2a0f3ea782210480a995

SHA1
ddf15abad2a06a41b937e69b369ad4e9626a1a26

SHA256
8f309c375b82c65dfaae455a3670b4937d2ee0b6184567f11f7096873e71a28c

SHA512
8cd212a7c1bfe68e9ab62deb6aaef437ff4a5609d9b9217aa5218bd876cf37efc24d4155ba11c876e5623b05bec579aaec1311b33c1e15eb31627a7c80d791d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe

Filesize
468KB

MD5
a10890884f0625a0d80210f7b0411421

SHA1
4ba3371fb33f4c1d308acda3177dd94159cb1490

SHA256
a4dc1a0d67bc6f51da1e58ed3c56a1139f541cf6062befc6c2bb711883c6f8e4

SHA512
67d3dbf9fcd006861ed81f5435e1782d77ed55e94a40003b81a52062f8a38afc9aeb7f1fd8043bc20e02c3fc372d9c07760764ce94727f9054f8d57b349efe14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe

Filesize
468KB

MD5
f18699e3be1a78b4ce7938f47f2801ca

SHA1
34117c8cfa2baeca27a99d9ee591de772171d29c

SHA256
7a6e0c0c73c0e5c1752f8c6059d0deee8c0d4f28c473611ed5c83d453aeab7e8

SHA512
4b50073c73d7fc3754f6848befd5e721c67e274e51d2709e085bf3c8a2a18159640083c9e084140374957ecb28ca3c40f5bd3517a31ddfa6b3ddf162d69aeb01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe

Filesize
468KB

MD5
cf599796e87e537e5f0b2f5293d3ec50

SHA1
93842a261e5ce3a5d5d39dad88ad3b17bf84eb4a

SHA256
3211b405bc91280ac4173807cd82e589949a84b847ac053885bc7fb90ed83f16

SHA512
511596cef461d83ecfee4d788bce95fe43f3382fe862feedff84cbb46460725e2d8e40f6fdf0b54691c524e0a60cfa84c3f5974be27cd437975bfff6d0a1d9f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20340.exe

Filesize
468KB

MD5
7cf8b4459daaa94e59a72a377b1f5c97

SHA1
928b6a720716f90454d180e34d31359278cc2189

SHA256
2023129dfe571783ca1bd034887ead2ede7b2319c45dd99e27422f2c05002ccb

SHA512
ba6705cb3027f7396a75b66fd8a6dc1c2eebcf588bedf0170d4ee5cee467ca31f7e429a7dd3c748898bad0921df049653014ff3b6849dc21021003335efeb296

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe

Filesize
468KB

MD5
62408db92a6b39fbd40abaed5634ae90

SHA1
16e5364d143ab008b9f714236391f4c080dc4554

SHA256
ff98ec202ccf4a8796e9d4f05376a7bf3b2b73740ed9ee6733f28b4b1b0b2e64

SHA512
af19469fa9fa31e4711261a534d041ce666558777d582661b2c8b2627eedee2d07ee66ae5bb70ea37ad8762021841ea7fe1c796a0c0cd9476c412100b4695ec4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe

Filesize
468KB

MD5
e0217540d5f20b86acc7e99db4b9d43f

SHA1
7e1e8810657819d6fe43b2d92281b34ce66b4efa

SHA256
5ab0ab6bc5f6e06abc62ff9c004478f330feb811f5bfbf8a49aa705c31ba728d

SHA512
613285735f031a39c312c829a80c4143026d27b127730a363bdda604cda046e7344139402b47a6388ca0dc36ac41cbd453c35a73e548b31cb595e85ad14f7419

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe

Filesize
468KB

MD5
76c4017be141cedd7376312e1705313b

SHA1
6e6d083e4e3e9d72213cb5d8c8f92f95cb930685

SHA256
f2b07af8fd2c64ef22529460f636604fd721eef3e208ab41a975083391699d01

SHA512
11d0b62bcbac366dbdf30f7449b93d35b20d72a2a476a3c71bc4873871ff69bff2182ac67a8902d634429e42683106451ff5a0802a13966d92fc4d2e45314fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe

Filesize
468KB

MD5
c3fb7816f253b74d3a9c0ffd5408d252

SHA1
c7ea94792a2f5f82490904eff32a7d828c0c6810

SHA256
f26596ccd502be2e3c0499a361cce1b70eb9296d4032be678fab3c2173aedcdd

SHA512
f09c0aa7cdf4a4d663db453d950b87d7338b1873f836ea92b6656d5e1717e8ece7a66529515d256e5238c9a718a045811dc2f0a4589179056b2cfe428ecd0d1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe

Filesize
468KB

MD5
9952ecac5b4af8689114d6f8429dc006

SHA1
6f9961ef08c5c0ecc5800c4fd29c7c76f14a7b2f

SHA256
c3e4d256a47a42c31229b74ce6579617267edb003d05a3fd4f9173f4222bd982

SHA512
355ab89d61f49e32a831247933a774461a395e690d9c701fb1b7430970ecffc0cbc34f53cd40aa7a1513b40b142ae603227f4e616edafac784bd3eb061580b57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe

Filesize
468KB

MD5
c624bb35f286dc3222a6630ddfdc3693

SHA1
93ed3411ac042d51917221575c23ad81118387a8

SHA256
5e983bde6bf39adea350f0696c5cd3cea49cda62431967ce76aab5fa7ad8cbc1

SHA512
a2d3415a10e8531823c73af370d0196207dbf7f833b8a93a7ba76a2ddddb9cea23c26ddb6cecae7e5aac8b00522e799d50885665285310b5b9b54d70408d2c2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe

Filesize
468KB

MD5
9d9a24aa599a7fc2edbcd76a1acf953e

SHA1
e9336b632b3cc843792d8041c2d3339bff524445

SHA256
335abcf356506d479dba9a830914f9ab41a3dbe0146e1ae8e501a5d6aaa18b5a

SHA512
8630ec94a1c15130b03d97dcd0139fc5ad971202d7b4581497b635ac06f9bdb831411e0765dc4be84488b45f0987611a55d29241960e730fc4f3498d3d203e8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe

Filesize
468KB

MD5
3a32f17a0109b6a69ba576a13815b135

SHA1
9df47bea062a3d9ef02f90745250ea59ea0f0865

SHA256
f68e8e6e781ba70a4de40800a61ac699b092422d08d339a38201605629756f2d

SHA512
96746a8d76d75cb11272974551b8454d4c7f47fc379011442f4e7ca0641c7c1f4bfa76c06eca932e5bab123ee763db8ce3de6838355a5581058de8b179d82467

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe

Filesize
468KB

MD5
bf0d9523d5dc577e0deb5c49ce71d02d

SHA1
0e3513fd86d69f35c5c8a36607aec37d6c60128b

SHA256
753d3ebb9a826bf81f3ebaeb2d38127af5757afe0da4adfcf954104fa489d74e

SHA512
2563c2ca74e2a9357f80313294d5ba322ac5456b4073a87979cd745464d53c1617bce1d85fabfe6fd452253d3a5e7ef04e50910c0124dd9afd27f733e7202dba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe

Filesize
468KB

MD5
709b21908b4dd1384969ff7e2512a734

SHA1
4736a872b68f1a59b354567283af995383971e4d

SHA256
489860ce7c6b764a70201e1f94ab1b779a385af7af56e018a9ab3a87b853f07a

SHA512
4de231e1f2904418fffe6e909d420d39c5b9403c2233b88bc189ba60836f0729d62db2593bd8c0875598320b9f9bdf8ca725a8c3ae9fe359eca4fe61f0718568

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe

Filesize
468KB

MD5
fc59f44765699efeb8d352fea3af6acc

SHA1
5acedf5e577738cc78cfa4957cddc623880ae861

SHA256
ae6e1ba70bcddac9c998e3520bd8f2db344d4e327b09a21935fa328d8f29a91c

SHA512
2e7673dc8aaebcbebecc7b28fc09df2a7a3473a9d8d081e8c366140086ecd3d228b5769f331fe3767ef0d449c5fe161ae48a9f804fa6e3ad3594264d24fbd4d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe

Filesize
468KB

MD5
1d4ca44edd8e098a4c694b0edff205de

SHA1
c456a20f2e46436c9fc30c6d5c6cf740bc189cd7

SHA256
28e6cea8a50dfe56f1fb09e67f7c79ec52ccc31665358485d774e23d2f0ee55b

SHA512
8b3e2770d5d1a5bd12684b9905d34d61d089e359599dd9808b60aeb6b727026bec24eae38fab9b113918744aaaec5700363a90ea30f9b02fd9774cceb43fe3c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe

Filesize
468KB

MD5
96e89a458ab5f46b811ce6fc3b5032bf

SHA1
a0e7a8f45577625b624ee1fb9d0ae533599f6db5

SHA256
2237103846e7b340c46b8f81288f102107413785075be28dc332de9024ad7d7b

SHA512
75eee1c57257a4d5f906b83fb6e2691baaeb06bcfe0570d0ddb8f5083a3093390ad0e07a71defadeaedd1c348366ce742dafc769f3078a62be7cdaf940ba46bd

Download Submit