2aa4b67acddc0cad4e387e97e350b05a77aa0c9a9f6c4c9c644496a159b2d3cc

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f7393f92afd7cf3fbd78348923ad6f0N.exe
Size

468KB
MD5

9f7393f92afd7cf3fbd78348923ad6f0
SHA1

7d1463efec7374f2936006a94f8e3dd19507757c
SHA256

2aa4b67acddc0cad4e387e97e350b05a77aa0c9a9f6c4c9c644496a159b2d3cc
SHA512

50e97d644d3411834c9bd89f2e32d120ab6ef3fa4fee9b91eacacee0ceb1b7a9d1aebe66ed5d0fc81659bea26d924e5bfe5960e45f61dfb69da978df04621384
SSDEEP

3072:1GDuo5IKI05TtbYLHzcOcf8/zCEmP0pNpVHebVPF06FLa7ggXWl6:1GSos8Tt4H4OcfVYIr06hYggX

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Unicorn-46301.exe
2712	Unicorn-53763.exe
2732	Unicorn-24428.exe
2604	Unicorn-35723.exe
2572	Unicorn-35915.exe
2652	Unicorn-28523.exe
2620	Unicorn-31316.exe
2964	Unicorn-48925.exe
3048	Unicorn-59323.exe
2008	Unicorn-45588.exe
2044	Unicorn-48541.exe
376	Unicorn-48733.exe
2880	Unicorn-31171.exe
1600	Unicorn-48468.exe
2012	Unicorn-5567.exe
2444	Unicorn-56652.exe
2184	Unicorn-21877.exe
1800	Unicorn-57503.exe
2212	Unicorn-40134.exe
1112	Unicorn-7918.exe
2528	Unicorn-57119.exe
1796	Unicorn-57725.exe
1812	Unicorn-47519.exe
1576	Unicorn-27653.exe
1356	Unicorn-38012.exe
1172	Unicorn-46943.exe
2016	Unicorn-46066.exe
1684	Unicorn-39936.exe
2368	Unicorn-41960.exe
2508	Unicorn-3466.exe
888	Unicorn-13864.exe
2364	Unicorn-52475.exe
1620	Unicorn-18577.exe
3056	Unicorn-53134.exe
2724	Unicorn-46620.exe
2804	Unicorn-21697.exe
2248	Unicorn-55054.exe
2828	Unicorn-46124.exe
2744	Unicorn-50648.exe
1696	Unicorn-6045.exe
2120	Unicorn-34612.exe
1964	Unicorn-4208.exe
648	Unicorn-3559.exe
2936	Unicorn-5443.exe
2128	Unicorn-39112.exe
1532	Unicorn-23041.exe
1500	Unicorn-5059.exe
1544	Unicorn-19127.exe
1644	Unicorn-64274.exe
1836	Unicorn-4867.exe
604	Unicorn-4867.exe
332	Unicorn-4867.exe
1784	Unicorn-27099.exe
1652	Unicorn-51291.exe
764	Unicorn-21233.exe
1988	Unicorn-11219.exe
2456	Unicorn-7114.exe
1720	Unicorn-26980.exe
1940	Unicorn-56123.exe
916	Unicorn-60778.exe
568	Unicorn-56865.exe
1572	Unicorn-13881.exe
1772	Unicorn-61364.exe
624	Unicorn-61629.exe

Loads dropped DLL 64 IoCs

pid	Process
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2684	Unicorn-46301.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2684	Unicorn-46301.exe
2712	Unicorn-53763.exe
2712	Unicorn-53763.exe
2732	Unicorn-24428.exe
2732	Unicorn-24428.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2684	Unicorn-46301.exe
2684	Unicorn-46301.exe
2620	Unicorn-31316.exe
2620	Unicorn-31316.exe
2684	Unicorn-46301.exe
2684	Unicorn-46301.exe
2712	Unicorn-53763.exe
2712	Unicorn-53763.exe
2652	Unicorn-28523.exe
2652	Unicorn-28523.exe
2572	Unicorn-35915.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2572	Unicorn-35915.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2732	Unicorn-24428.exe
2732	Unicorn-24428.exe
2604	Unicorn-35723.exe
2604	Unicorn-35723.exe
2964	Unicorn-48925.exe
2964	Unicorn-48925.exe
2620	Unicorn-31316.exe
2620	Unicorn-31316.exe
3048	Unicorn-59323.exe
3048	Unicorn-59323.exe
2684	Unicorn-46301.exe
2684	Unicorn-46301.exe
2880	Unicorn-31171.exe
2880	Unicorn-31171.exe
376	Unicorn-48733.exe
376	Unicorn-48733.exe
2732	Unicorn-24428.exe
2732	Unicorn-24428.exe
1600	Unicorn-48468.exe
1600	Unicorn-48468.exe
2572	Unicorn-35915.exe
2572	Unicorn-35915.exe
2008	Unicorn-45588.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2008	Unicorn-45588.exe
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2044	Unicorn-48541.exe
2044	Unicorn-48541.exe
2712	Unicorn-53763.exe
2712	Unicorn-53763.exe
2652	Unicorn-28523.exe
2652	Unicorn-28523.exe
2012	Unicorn-5567.exe
2012	Unicorn-5567.exe
2604	Unicorn-35723.exe
2604	Unicorn-35723.exe
2444	Unicorn-56652.exe
2444	Unicorn-56652.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2388	2784	WerFault.exe	103
3204	1696	WerFault.exe	70
6476	3000	WerFault.exe	102

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57503.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe
2684	Unicorn-46301.exe
2712	Unicorn-53763.exe
2732	Unicorn-24428.exe
2604	Unicorn-35723.exe
2652	Unicorn-28523.exe
2572	Unicorn-35915.exe
2620	Unicorn-31316.exe
2964	Unicorn-48925.exe
3048	Unicorn-59323.exe
2008	Unicorn-45588.exe
2880	Unicorn-31171.exe
1600	Unicorn-48468.exe
376	Unicorn-48733.exe
2044	Unicorn-48541.exe
2012	Unicorn-5567.exe
2444	Unicorn-56652.exe
2184	Unicorn-21877.exe
1800	Unicorn-57503.exe
2212	Unicorn-40134.exe
1112	Unicorn-7918.exe
2528	Unicorn-57119.exe
1172	Unicorn-46943.exe
1576	Unicorn-27653.exe
1356	Unicorn-38012.exe
1796	Unicorn-57725.exe
2016	Unicorn-46066.exe
1812	Unicorn-47519.exe
1684	Unicorn-39936.exe
2368	Unicorn-41960.exe
2508	Unicorn-3466.exe
888	Unicorn-13864.exe
2364	Unicorn-52475.exe
1620	Unicorn-18577.exe
3056	Unicorn-53134.exe
2724	Unicorn-46620.exe
2804	Unicorn-21697.exe
2828	Unicorn-46124.exe
2248	Unicorn-55054.exe
2744	Unicorn-50648.exe
1696	Unicorn-6045.exe
2120	Unicorn-34612.exe
1964	Unicorn-4208.exe
2936	Unicorn-5443.exe
648	Unicorn-3559.exe
2128	Unicorn-39112.exe
1544	Unicorn-19127.exe
1500	Unicorn-5059.exe
1532	Unicorn-23041.exe
604	Unicorn-4867.exe
1836	Unicorn-4867.exe
332	Unicorn-4867.exe
1644	Unicorn-64274.exe
764	Unicorn-21233.exe
1988	Unicorn-11219.exe
1784	Unicorn-27099.exe
1652	Unicorn-51291.exe
1720	Unicorn-26980.exe
2456	Unicorn-7114.exe
1940	Unicorn-56123.exe
916	Unicorn-60778.exe
568	Unicorn-56865.exe
1572	Unicorn-13881.exe
624	Unicorn-61629.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2684	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	31
PID 2672 wrote to memory of 2684	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	31
PID 2672 wrote to memory of 2684	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	31
PID 2672 wrote to memory of 2684	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	31
PID 2672 wrote to memory of 2712	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	33
PID 2672 wrote to memory of 2712	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	33
PID 2672 wrote to memory of 2712	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	33
PID 2672 wrote to memory of 2712	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	33
PID 2684 wrote to memory of 2732	2684	Unicorn-46301.exe	32
PID 2684 wrote to memory of 2732	2684	Unicorn-46301.exe	32
PID 2684 wrote to memory of 2732	2684	Unicorn-46301.exe	32
PID 2684 wrote to memory of 2732	2684	Unicorn-46301.exe	32
PID 2712 wrote to memory of 2604	2712	Unicorn-53763.exe	34
PID 2712 wrote to memory of 2604	2712	Unicorn-53763.exe	34
PID 2712 wrote to memory of 2604	2712	Unicorn-53763.exe	34
PID 2712 wrote to memory of 2604	2712	Unicorn-53763.exe	34
PID 2732 wrote to memory of 2572	2732	Unicorn-24428.exe	35
PID 2732 wrote to memory of 2572	2732	Unicorn-24428.exe	35
PID 2732 wrote to memory of 2572	2732	Unicorn-24428.exe	35
PID 2732 wrote to memory of 2572	2732	Unicorn-24428.exe	35
PID 2672 wrote to memory of 2652	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	36
PID 2672 wrote to memory of 2652	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	36
PID 2672 wrote to memory of 2652	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	36
PID 2672 wrote to memory of 2652	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	36
PID 2684 wrote to memory of 2620	2684	Unicorn-46301.exe	37
PID 2684 wrote to memory of 2620	2684	Unicorn-46301.exe	37
PID 2684 wrote to memory of 2620	2684	Unicorn-46301.exe	37
PID 2684 wrote to memory of 2620	2684	Unicorn-46301.exe	37
PID 2620 wrote to memory of 2964	2620	Unicorn-31316.exe	38
PID 2620 wrote to memory of 2964	2620	Unicorn-31316.exe	38
PID 2620 wrote to memory of 2964	2620	Unicorn-31316.exe	38
PID 2620 wrote to memory of 2964	2620	Unicorn-31316.exe	38
PID 2684 wrote to memory of 3048	2684	Unicorn-46301.exe	39
PID 2684 wrote to memory of 3048	2684	Unicorn-46301.exe	39
PID 2684 wrote to memory of 3048	2684	Unicorn-46301.exe	39
PID 2684 wrote to memory of 3048	2684	Unicorn-46301.exe	39
PID 2712 wrote to memory of 2008	2712	Unicorn-53763.exe	40
PID 2712 wrote to memory of 2008	2712	Unicorn-53763.exe	40
PID 2712 wrote to memory of 2008	2712	Unicorn-53763.exe	40
PID 2712 wrote to memory of 2008	2712	Unicorn-53763.exe	40
PID 2652 wrote to memory of 2044	2652	Unicorn-28523.exe	41
PID 2652 wrote to memory of 2044	2652	Unicorn-28523.exe	41
PID 2652 wrote to memory of 2044	2652	Unicorn-28523.exe	41
PID 2652 wrote to memory of 2044	2652	Unicorn-28523.exe	41
PID 2572 wrote to memory of 376	2572	Unicorn-35915.exe	42
PID 2572 wrote to memory of 376	2572	Unicorn-35915.exe	42
PID 2572 wrote to memory of 376	2572	Unicorn-35915.exe	42
PID 2572 wrote to memory of 376	2572	Unicorn-35915.exe	42
PID 2672 wrote to memory of 1600	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	43
PID 2672 wrote to memory of 1600	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	43
PID 2672 wrote to memory of 1600	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	43
PID 2672 wrote to memory of 1600	2672	9f7393f92afd7cf3fbd78348923ad6f0N.exe	43
PID 2732 wrote to memory of 2880	2732	Unicorn-24428.exe	44
PID 2732 wrote to memory of 2880	2732	Unicorn-24428.exe	44
PID 2732 wrote to memory of 2880	2732	Unicorn-24428.exe	44
PID 2732 wrote to memory of 2880	2732	Unicorn-24428.exe	44
PID 2604 wrote to memory of 2012	2604	Unicorn-35723.exe	45
PID 2604 wrote to memory of 2012	2604	Unicorn-35723.exe	45
PID 2604 wrote to memory of 2012	2604	Unicorn-35723.exe	45
PID 2604 wrote to memory of 2012	2604	Unicorn-35723.exe	45
PID 2964 wrote to memory of 2444	2964	Unicorn-48925.exe	46
PID 2964 wrote to memory of 2444	2964	Unicorn-48925.exe	46
PID 2964 wrote to memory of 2444	2964	Unicorn-48925.exe	46
PID 2964 wrote to memory of 2444	2964	Unicorn-48925.exe	46

C:\Users\Admin\AppData\Local\Temp\9f7393f92afd7cf3fbd78348923ad6f0N.exe
"C:\Users\Admin\AppData\Local\Temp\9f7393f92afd7cf3fbd78348923ad6f0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        9⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41778.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
        6⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 244
        8⤵
        Program crash
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 248
        7⤵
        Program crash
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        6⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        7⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38533.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        5⤵
        
        PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16976.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        5⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
      4⤵
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        5⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
      4⤵
      PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48393.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        8⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        6⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        6⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        6⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        5⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
        5⤵
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        6⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        6⤵
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61450.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        5⤵
        
        PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        5⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        5⤵
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
      4⤵
      PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        7⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        6⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      4⤵
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        5⤵
        
        PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25839.exe
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
      4⤵
      PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
      4⤵
      PID:6984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
    3⤵
    PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
    3⤵
    PID:5968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17345.exe
    3⤵
    PID:6952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        5⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
      4⤵
      Executes dropped EXE
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        5⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        5⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8139.exe
      4⤵
      PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
      4⤵
      PID:6812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        5⤵
        
        PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        6⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
      4⤵
      PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        5⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
      4⤵
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
      4⤵
      PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      4⤵
      PID:7040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
      4⤵
      PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
      4⤵
      PID:7156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
    3⤵
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
      4⤵
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
      4⤵
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48808.exe
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
    3⤵
    PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
    3⤵
    PID:6300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        7⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
      4⤵
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33357.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      4⤵
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
      4⤵
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
      4⤵
      PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
    3⤵
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
    3⤵
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
    3⤵
    PID:4796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
    3⤵
    PID:5860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
    3⤵
    PID:6372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
      4⤵
      PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13637.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
      4⤵
      PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      4⤵
      PID:6944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
      4⤵
      PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      4⤵
      PID:6376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    3⤵
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
      4⤵
      PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
    3⤵
    PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
    3⤵
    PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
    3⤵
    PID:6232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
    3⤵
    PID:6776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
      4⤵
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23318.exe
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
    3⤵
    PID:4244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
    3⤵
    PID:5396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
    3⤵
    PID:6384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51291.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
    3⤵
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
      4⤵
      PID:6672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
    3⤵
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
    3⤵
    PID:1368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
    3⤵
    PID:6276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
    3⤵
    PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
    3⤵
    PID:6676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
  2⤵
  PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
  2⤵
  PID:3984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
  2⤵
  PID:5024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
  2⤵
  PID:5900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
  2⤵
  PID:7032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe

Filesize
468KB

MD5
bf57d6144551019b1ec117dc9402f970

SHA1
4203c6b4fc9e7c8fae8c4bdb09a0a13b22b81f89

SHA256
1bbd38265ea3c72a5ad8b0f731df6dafb4f915d89c57d69545e6333d4e28dce7

SHA512
80b848198a8491ed0755763eb8476806befac5c144f124ee8c15331a41e575ed3ba3f96b3c03f24504b01e414e6a221737dab387ac22ee0c3c96c4c514316887

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe

Filesize
468KB

MD5
e3fe0db732c7e0c9a9f95493d0aad060

SHA1
ab49b7302069fb89261e7f50d6c7894322c9d788

SHA256
9bb7348f536bcce34cce61ee6c4df1d98c714dad3c9d0163876c51ad6df698a9

SHA512
83ca6fbec684ce78064843c6ee19880a5a606f0c9ce9de3d0b3e0a7799a6c97ad11a8b67eacd0804a9d2b56e28fde00335397dc06f927cc3b6b5d8a2805c1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe

Filesize
468KB

MD5
263a94816bb7d0b9416811c234765579

SHA1
61c19059ac156a5e4c75ba6282615d6772857d4e

SHA256
5f2ff082e6a5f4d6187218d1e509d4cbae477e62d25996ffc149a619883636e8

SHA512
347c9eb7e6100d314c0f62c98a8069ecd9e566fd588ae7f757491327dd946872874a677b338e6c3069ee4ef61ee3aec6a81daee9ee344d4792ec134556fd6ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe

Filesize
468KB

MD5
04effdc3d3ea02aefea7f251396e51ee

SHA1
164f053010527d1bb6cd64954562c09f2d6bd441

SHA256
4823d7ee5a6f09a51105b270e8ad80138abc2a68d9a85aad589c74472e7fe758

SHA512
9f5fef343738b4b35c10b397b51903585fefac604310bb826b9d7d1b59a6f46ad693667ee3ebfa6bba5ce47d9d41fc5e5629bd873db477dd3abd3206e2acbc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe

Filesize
468KB

MD5
8a99307e78c098e80e76fd59dcc58f78

SHA1
0fbaf251b1a9729255377ff379e328d66b83be7b

SHA256
2f410bb4b064ccc337a262d4ad52601f46d3466318918d12bcfe455ed163d404

SHA512
1c22d8374a42242fdceab9f32da21f41b205ca85b3d76c2fca94876457b3ae46a8acd97eb2df0f81e0c41818d4effb3e4aa3f196ff1cd1be1ebdd23c27607a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe

Filesize
468KB

MD5
24894557f648a164b3b8f85eb5b312de

SHA1
6a8a249af7ede2098a39b1bb7d3a882daad05cf5

SHA256
5417be8059766846042781a11bec4069336af8a0dc5982ff017659cc5c2a6536

SHA512
827b0e77c75260b83c9fd577df134de76632346ca3edeaa61a33ae0b02420d753b0f6af2d60accfc90d8d6f26c820ced15134a7ac4c6e94920d0c09dcb4d0592

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45588.exe

Filesize
468KB

MD5
dd3c28fcbcef8dca63f7fa7a9c3d4529

SHA1
7f697ffce2e8ba70c80ef58fc0091cd1ec178cf1

SHA256
786cf43c1f092256ea89cf6cc64c21a73f1d470c6b6e1aa085bfcf1cbaedd665

SHA512
b909a1bf9724d08d6796222d2f795e6208399b6cd58de9de3ae0d052c3070e5fed3f3c211bfd9282623f230e043e1393f118f601f8dac5154773bde0c0752445

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe

Filesize
468KB

MD5
3349c8f3f3f1cbe38663bd7f2220092b

SHA1
0c8c773acd8cb07e19969bdb7c66785914d1dd12

SHA256
b483c9c72922b629f3a8887da149a1e8d3397d52713184841599cc8d29b6c51a

SHA512
aeb87ad4cc19962220ff48492b578174069c3605f8209a9035999d98f3d48e7872f58d8962e7a258a6bff539e2f475d6664970b9ecb93c75bee45d3cab8d9758

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe

Filesize
468KB

MD5
73428c9cc03c07eab1dd8ffd00e3dcdf

SHA1
f0dc19f6ae8e19bc594a1539a27656127f37d49b

SHA256
dd34953e3c43cd789416f27f0c3e7e242f2d01cf172883a7d812fdb33864e8aa

SHA512
36894b6221cb76fbac6422d6a969e6521a0e4ed442244810c3891755fac73280c3a06401c58368859c983cd5706c74970d0e778c9afe0e2ec6c932263c9f8ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe

Filesize
468KB

MD5
d50c3fa91077d646fc3ce7d23f9c49ff

SHA1
0e9c846fc47dd8d97c64cbbad7c7ee088054e9b3

SHA256
64320f6831a725d79fbe59fba097e1eb4ee8705f26d685ae4f95b3d328fb4a9e

SHA512
90f00bc1bc47c714c7681d45a1118067626a525ff16b10804d0b941098a415d2fbfafbc42db83a382b6d7c2772b6f7eb6c1a120ae1f88c106ca7c25311f4b432

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe

Filesize
468KB

MD5
6fab487d4a9f0924e7ae196e6e3a6949

SHA1
018fc2d6f1c626c5d5e83dfdc7fb75ccf069c575

SHA256
35b54f1150ce69f8a5a64b1263c5b3278c8798ed39fd50b118869c94612a117c

SHA512
6536c695d66115b2ccae12957e2c51c1d15aef2f868d7fde3da8d3976462a19a4568be2384a018f0daafbf55626f79fec6409c38c44de656b967820f2958db4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe

Filesize
468KB

MD5
a4267ee4772197cd8cd8580e9b4db006

SHA1
93c71d188e1041529fa5a9e04db101fe3a58a2df

SHA256
68435b881ad879a3398e0adfe29bf44efc687f58c77e219e7b7a081e83c0efa9

SHA512
281521887e4423c6aaaaae85a55ef7648251802a4cce968b47b248c0be87eb88b7246c945e661d838806d3f2c88155dc28e83c42169f422e8daa47647922f2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe

Filesize
468KB

MD5
f3e6d36860f3488eb91ee399d2934f85

SHA1
6f75206058b35b5159b4c69ac54adf9118973bf6

SHA256
e3b39143f24cb4fb04931e6bd8d81d3e18553a2dc85c13caecf75c118522b7fb

SHA512
3c094174be69af66605c4e774c47edc34b197314d21bb34d252705a380c72481f265afe619c13a65cb4fe2f43c17fc25e02530d41b63c499c833de805071285b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe

Filesize
468KB

MD5
410130b1e63e7243526f3d53b8e8d7e2

SHA1
fcabecc1e758d27be9ea512460a59ef6834e8256

SHA256
ec38f6df5d80a840ef82bb1aa4a3d9870095ef73a724519e1f6eab79cd80743d

SHA512
d32f731b27d9106e0e5c4e3f298fcb0af025b5b6b322e7b4b8af8c957fb014331ddaa758cb396743c190cbe3cca796e70a7f6d693b14f4da0650be053d621783

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe

Filesize
468KB

MD5
29717e0e25c4f6499de23296edf10116

SHA1
19b507baa84b39ecc591f90e3f8068b823a72b7e

SHA256
b10b75e3345dd5939ffe96f040412a581633a7df62ad5bf922a5e61b78faa66d

SHA512
1782f479520d87694335a69806019cfdfea599640432de8757f680a2ae43da6c2557a091efc3d704672ee39577f7bad530952848e5ec4395a613ed7f5a05a8b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe

Filesize
468KB

MD5
ebebef1a0f0133ff35321a4c04ab9c58

SHA1
5739fca8fe9882110b1e6e4b8058960ca04bfe03

SHA256
2848943959dc39539dd802d98c6251be2d535fefd748adb728c75be30c968411

SHA512
ecb405b4953271230020648204628cf2cc45a563602f66b7c405df2b39a8a69b5e73b0da64a5c01b6a6fcd447b6ceae8dbf789d42d5882ac4070da494ce1406e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe

Filesize
468KB

MD5
c0abcfe6b2f3ec77722a0b03cea4a87a

SHA1
84dba29cdc768ab607b680b8883fdca85e65d6b8

SHA256
d4aae97857be9e3b805304b19f8e8efbafc14000e68a925a6ac03c2bbb47fa91

SHA512
0df0121bad058a11381f96ae4d909dbb596938c702143921760ea1b4fe5aa5f5afa40966267ca19b6ea3374fef8fe870ed27e2c71f3a689c6f62184826082ad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe

Filesize
468KB

MD5
a01171d3b7472f254532d49a57fbb55a

SHA1
f29d11416e0e72ccdda1c38a7e96fe99ef9a4078

SHA256
f417630785d0b286e03e239d3d84b1c96071c9f58abcb405b8c2182d56835060

SHA512
ef5c1f58b5a3e83345bfebf635f4c25c086fccd0afe27ed3502c17cbd40f11a242fd7ff09eb12f22eaccf7f859e2985f7a336f25dfd707a139688b90cfbcfeeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe

Filesize
468KB

MD5
079eeaa501d183280ceb7bb800f41de8

SHA1
257babbd54b464fa0e2bde4b29b5b8b758a8b517

SHA256
fd6abd75d90afaac0d004b94154dd889fe0e972764a3e694d733e5a46e949c06

SHA512
a15bf8b6dfb348ad21d2ba856e31984197ef47a2c8f29d5c56d9ee455adb875fb2b12c6605c82bc5c34492e97b2bc08a716c87e6b2f65cc289f39b0231d7449e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe

Filesize
468KB

MD5
2be544499c7e247ebb08e19d2cecb30b

SHA1
5ce3b125e79a2fdb87bef7d23bce250b18ba90a0

SHA256
3ac1a5655cb96c38218302b371153852fc237d863cf4edec6b5835870d8e82d0

SHA512
e76f142bb4ee449fdad66a084b4c2536525615dd5e26b9aa0a65589826291a54962d29eadf0733a7d8c927c61a0fe3e315f892334ed270f12142b268486c566e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe

Filesize
468KB

MD5
d142e3dbd491d164f1f27d7ae796d6f4

SHA1
729f9f66d44c6e4da599da5b4fd64463a57f2638

SHA256
d16858efd314d5666a026b19759202123b82f2a893585743f14f978c92348b09

SHA512
453481f8f694b6b272c3d244fff6430ab8edeaab34e633f4f9ba8ec44dee33f6c5ce2f5a5c11abbabf03f881eb096b89dce975434b9583edf85a56e93833a153

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe

Filesize
468KB

MD5
07e8055bde052efb077f464e4d0ea56b

SHA1
0425aa36f199ced375f9196bdf60e61ef3cdd8e7

SHA256
a717b7b637d4b9f30f059c802dc5903c39bf91ffb75da3577f979b44217e937a

SHA512
6d8901c16066b2213bd9404084113365cb6ac15aaec839c0158d1c764cd3c6755ea58f3ea89fd9eff965be38a3087f0ffc98bb2a0b9b8312aec845b6bf22efa3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe

Filesize
468KB

MD5
f785e9a9e3dff3d536c3f133288cbb81

SHA1
42c8c9e0af738f388a035c7eed6fb3b24c2eb151

SHA256
86da12f3bb9ef37b1e1e62b0087cdb6b1feacef9d01ffaa5cf0a0c6bf9ff8ab9

SHA512
4c784303f27eaf7cb7c71feea6f76dcc1df777e3acf0ab0039ea745ac24f86b1e636100897c03ca9fa9ecfd7f8bb859431a7fbafca605f19ae3686c6ccaed893

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57503.exe

Filesize
468KB

MD5
c8d08b06f8bc05afc4733bebf09c5367

SHA1
c1d7170dbc8447263240210f2e3da3c09111deff

SHA256
ecb55409037572459f1999d4b3c1d8ca0b341d070d23e08fff8b1380128b468e

SHA512
4a367640906285f9d79b970304f56a4d86ead6ca3a221d2eab46b3b95d147aa3d5ffb6490d540b46860d80b0a04c1b7176272e218d33734308634af1c61d4273

Download Submit