8d3bad0c5509ad8e1bca32ddb09ba5e86f1e3fd666e9757ff099c736791a4a6e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 20:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58fc3ad24f32bf615d05fec79bdcc080N.exe
Size

468KB
MD5

58fc3ad24f32bf615d05fec79bdcc080
SHA1

24eeeba9b647ba64ddacf66509e83e5da083e8c9
SHA256

8d3bad0c5509ad8e1bca32ddb09ba5e86f1e3fd666e9757ff099c736791a4a6e
SHA512

30d0c40d50cbc95e9e19c75500c93031241f212188517290f4b97c28c9a0dcfa55b2cef1d811f8d2fb66a94359150b2d2d7d71d104d9949ca68d39440038bef6
SSDEEP

3072:ebACoBIdlU5UCAYfP0NjZfB/MS+F0Rpon6HexV0UfVfNt+lZHalU:eb1oWcUC5PojZfpXmhfVlolZH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1524	Unicorn-21096.exe
1648	Unicorn-44806.exe
2552	Unicorn-18718.exe
2908	Unicorn-1874.exe
2756	Unicorn-55059.exe
2648	Unicorn-18211.exe
2656	Unicorn-63882.exe
2664	Unicorn-40852.exe
1880	Unicorn-29154.exe
2960	Unicorn-7987.exe
3036	Unicorn-63310.exe
2856	Unicorn-3903.exe
2832	Unicorn-3903.exe
2860	Unicorn-37079.exe
1848	Unicorn-17478.exe
1304	Unicorn-62424.exe
788	Unicorn-38474.exe
2416	Unicorn-43950.exe
268	Unicorn-26143.exe
1080	Unicorn-13799.exe
700	Unicorn-31511.exe
1684	Unicorn-40442.exe
2280	Unicorn-19921.exe
2320	Unicorn-21702.exe
904	Unicorn-15423.exe
932	Unicorn-35289.exe
1320	Unicorn-11661.exe
2104	Unicorn-57333.exe
2368	Unicorn-62486.exe
2284	Unicorn-31781.exe
2260	Unicorn-54339.exe
916	Unicorn-3860.exe
1956	Unicorn-51578.exe
1592	Unicorn-40717.exe
1972	Unicorn-45356.exe
2984	Unicorn-7852.exe
2732	Unicorn-58999.exe
2764	Unicorn-3503.exe
1788	Unicorn-4323.exe
2920	Unicorn-28827.exe
2288	Unicorn-40525.exe
2980	Unicorn-60945.exe
2820	Unicorn-2185.exe
2992	Unicorn-42471.exe
2024	Unicorn-33341.exe
1472	Unicorn-44920.exe
1580	Unicorn-45185.exe
2948	Unicorn-30886.exe
3008	Unicorn-30795.exe
2840	Unicorn-64214.exe
1536	Unicorn-53353.exe
2944	Unicorn-2106.exe
1640	Unicorn-8236.exe
1748	Unicorn-59383.exe
2204	Unicorn-51770.exe
2500	Unicorn-65505.exe
464	Unicorn-17588.exe
1812	Unicorn-7359.exe
1616	Unicorn-43492.exe
2164	Unicorn-48968.exe
1244	Unicorn-18242.exe
2108	Unicorn-60955.exe
2144	Unicorn-26964.exe
2584	Unicorn-63258.exe

Loads dropped DLL 64 IoCs

pid	Process
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1524	Unicorn-21096.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1524	Unicorn-21096.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
2552	Unicorn-18718.exe
2552	Unicorn-18718.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1524	Unicorn-21096.exe
1648	Unicorn-44806.exe
1648	Unicorn-44806.exe
1524	Unicorn-21096.exe
2908	Unicorn-1874.exe
2908	Unicorn-1874.exe
2552	Unicorn-18718.exe
2552	Unicorn-18718.exe
2656	Unicorn-63882.exe
2656	Unicorn-63882.exe
1524	Unicorn-21096.exe
2756	Unicorn-55059.exe
2648	Unicorn-18211.exe
1524	Unicorn-21096.exe
2756	Unicorn-55059.exe
2648	Unicorn-18211.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1648	Unicorn-44806.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1648	Unicorn-44806.exe
2664	Unicorn-40852.exe
2908	Unicorn-1874.exe
2664	Unicorn-40852.exe
2908	Unicorn-1874.exe
1880	Unicorn-29154.exe
1880	Unicorn-29154.exe
2552	Unicorn-18718.exe
2552	Unicorn-18718.exe
2860	Unicorn-37079.exe
2860	Unicorn-37079.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
2856	Unicorn-3903.exe
2856	Unicorn-3903.exe
1648	Unicorn-44806.exe
1648	Unicorn-44806.exe
1524	Unicorn-21096.exe
1524	Unicorn-21096.exe
2648	Unicorn-18211.exe
2648	Unicorn-18211.exe
2832	Unicorn-3903.exe
2832	Unicorn-3903.exe
2960	Unicorn-7987.exe
2756	Unicorn-55059.exe
2960	Unicorn-7987.exe
2756	Unicorn-55059.exe
2656	Unicorn-63882.exe
2656	Unicorn-63882.exe
788	Unicorn-38474.exe
788	Unicorn-38474.exe
1304	Unicorn-62424.exe
1304	Unicorn-62424.exe
2908	Unicorn-1874.exe
2908	Unicorn-1874.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2604	1748	WerFault.exe	84
1840	2808	WerFault.exe	118
6360	2812	WerFault.exe	139
6400	2196	WerFault.exe	140

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32129.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1576	58fc3ad24f32bf615d05fec79bdcc080N.exe
1524	Unicorn-21096.exe
2552	Unicorn-18718.exe
1648	Unicorn-44806.exe
2908	Unicorn-1874.exe
2756	Unicorn-55059.exe
2656	Unicorn-63882.exe
2648	Unicorn-18211.exe
2664	Unicorn-40852.exe
1880	Unicorn-29154.exe
2832	Unicorn-3903.exe
2960	Unicorn-7987.exe
3036	Unicorn-63310.exe
2856	Unicorn-3903.exe
2860	Unicorn-37079.exe
1848	Unicorn-17478.exe
788	Unicorn-38474.exe
1304	Unicorn-62424.exe
2416	Unicorn-43950.exe
268	Unicorn-26143.exe
1080	Unicorn-13799.exe
1684	Unicorn-40442.exe
700	Unicorn-31511.exe
2280	Unicorn-19921.exe
2320	Unicorn-21702.exe
904	Unicorn-15423.exe
1320	Unicorn-11661.exe
2104	Unicorn-57333.exe
932	Unicorn-35289.exe
2368	Unicorn-62486.exe
2284	Unicorn-31781.exe
2260	Unicorn-54339.exe
916	Unicorn-3860.exe
1956	Unicorn-51578.exe
1592	Unicorn-40717.exe
1972	Unicorn-45356.exe
2984	Unicorn-7852.exe
2764	Unicorn-3503.exe
2732	Unicorn-58999.exe
1788	Unicorn-4323.exe
2920	Unicorn-28827.exe
2288	Unicorn-40525.exe
2980	Unicorn-60945.exe
2820	Unicorn-2185.exe
2992	Unicorn-42471.exe
2024	Unicorn-33341.exe
1580	Unicorn-45185.exe
1472	Unicorn-44920.exe
2948	Unicorn-30886.exe
3008	Unicorn-30795.exe
1536	Unicorn-53353.exe
2840	Unicorn-64214.exe
2944	Unicorn-2106.exe
1640	Unicorn-8236.exe
1748	Unicorn-59383.exe
2204	Unicorn-51770.exe
2500	Unicorn-65505.exe
464	Unicorn-17588.exe
1616	Unicorn-43492.exe
1812	Unicorn-7359.exe
2164	Unicorn-48968.exe
1244	Unicorn-18242.exe
2108	Unicorn-60955.exe
2144	Unicorn-26964.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 1524	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	31
PID 1576 wrote to memory of 1524	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	31
PID 1576 wrote to memory of 1524	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	31
PID 1576 wrote to memory of 1524	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	31
PID 1524 wrote to memory of 1648	1524	Unicorn-21096.exe	32
PID 1524 wrote to memory of 1648	1524	Unicorn-21096.exe	32
PID 1524 wrote to memory of 1648	1524	Unicorn-21096.exe	32
PID 1524 wrote to memory of 1648	1524	Unicorn-21096.exe	32
PID 1576 wrote to memory of 2552	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	33
PID 1576 wrote to memory of 2552	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	33
PID 1576 wrote to memory of 2552	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	33
PID 1576 wrote to memory of 2552	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	33
PID 2552 wrote to memory of 2908	2552	Unicorn-18718.exe	34
PID 2552 wrote to memory of 2908	2552	Unicorn-18718.exe	34
PID 2552 wrote to memory of 2908	2552	Unicorn-18718.exe	34
PID 2552 wrote to memory of 2908	2552	Unicorn-18718.exe	34
PID 1576 wrote to memory of 2756	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	35
PID 1576 wrote to memory of 2756	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	35
PID 1576 wrote to memory of 2756	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	35
PID 1576 wrote to memory of 2756	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	35
PID 1648 wrote to memory of 2648	1648	Unicorn-44806.exe	37
PID 1648 wrote to memory of 2648	1648	Unicorn-44806.exe	37
PID 1648 wrote to memory of 2648	1648	Unicorn-44806.exe	37
PID 1648 wrote to memory of 2648	1648	Unicorn-44806.exe	37
PID 1524 wrote to memory of 2656	1524	Unicorn-21096.exe	36
PID 1524 wrote to memory of 2656	1524	Unicorn-21096.exe	36
PID 1524 wrote to memory of 2656	1524	Unicorn-21096.exe	36
PID 1524 wrote to memory of 2656	1524	Unicorn-21096.exe	36
PID 2908 wrote to memory of 2664	2908	Unicorn-1874.exe	38
PID 2908 wrote to memory of 2664	2908	Unicorn-1874.exe	38
PID 2908 wrote to memory of 2664	2908	Unicorn-1874.exe	38
PID 2908 wrote to memory of 2664	2908	Unicorn-1874.exe	38
PID 2552 wrote to memory of 1880	2552	Unicorn-18718.exe	39
PID 2552 wrote to memory of 1880	2552	Unicorn-18718.exe	39
PID 2552 wrote to memory of 1880	2552	Unicorn-18718.exe	39
PID 2552 wrote to memory of 1880	2552	Unicorn-18718.exe	39
PID 2656 wrote to memory of 2960	2656	Unicorn-63882.exe	40
PID 2656 wrote to memory of 2960	2656	Unicorn-63882.exe	40
PID 2656 wrote to memory of 2960	2656	Unicorn-63882.exe	40
PID 2656 wrote to memory of 2960	2656	Unicorn-63882.exe	40
PID 1524 wrote to memory of 3036	1524	Unicorn-21096.exe	41
PID 1524 wrote to memory of 3036	1524	Unicorn-21096.exe	41
PID 1524 wrote to memory of 3036	1524	Unicorn-21096.exe	41
PID 1524 wrote to memory of 3036	1524	Unicorn-21096.exe	41
PID 2756 wrote to memory of 2832	2756	Unicorn-55059.exe	42
PID 2756 wrote to memory of 2832	2756	Unicorn-55059.exe	42
PID 2756 wrote to memory of 2832	2756	Unicorn-55059.exe	42
PID 2756 wrote to memory of 2832	2756	Unicorn-55059.exe	42
PID 2648 wrote to memory of 2856	2648	Unicorn-18211.exe	43
PID 2648 wrote to memory of 2856	2648	Unicorn-18211.exe	43
PID 2648 wrote to memory of 2856	2648	Unicorn-18211.exe	43
PID 2648 wrote to memory of 2856	2648	Unicorn-18211.exe	43
PID 1576 wrote to memory of 2860	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	44
PID 1576 wrote to memory of 2860	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	44
PID 1576 wrote to memory of 2860	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	44
PID 1576 wrote to memory of 2860	1576	58fc3ad24f32bf615d05fec79bdcc080N.exe	44
PID 1648 wrote to memory of 1848	1648	Unicorn-44806.exe	45
PID 1648 wrote to memory of 1848	1648	Unicorn-44806.exe	45
PID 1648 wrote to memory of 1848	1648	Unicorn-44806.exe	45
PID 1648 wrote to memory of 1848	1648	Unicorn-44806.exe	45
PID 2664 wrote to memory of 1304	2664	Unicorn-40852.exe	46
PID 2664 wrote to memory of 1304	2664	Unicorn-40852.exe	46
PID 2664 wrote to memory of 1304	2664	Unicorn-40852.exe	46
PID 2664 wrote to memory of 1304	2664	Unicorn-40852.exe	46

C:\Users\Admin\AppData\Local\Temp\58fc3ad24f32bf615d05fec79bdcc080N.exe
"C:\Users\Admin\AppData\Local\Temp\58fc3ad24f32bf615d05fec79bdcc080N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        8⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        7⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        6⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        7⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        6⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        7⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57553.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        7⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        7⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10784.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63330.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        5⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        5⤵
        
        PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
      4⤵
      PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
      4⤵
      PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
      4⤵
      PID:6764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        6⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        6⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        6⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        7⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        6⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
      4⤵
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
      4⤵
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
      4⤵
      PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
      4⤵
      PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      4⤵
      PID:6944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
      4⤵
      Executes dropped EXE
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      4⤵
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      4⤵
      PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        6⤵
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        6⤵
        Program crash
        
        PID:6360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        5⤵
        Program crash
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      4⤵
      PID:6952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        5⤵
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
      4⤵
      PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
    3⤵
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
    3⤵
    PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
    3⤵
    PID:6592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        7⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        7⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        7⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41240.exe
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59514.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        5⤵
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19584.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        6⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        5⤵
        
        PID:2808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 200
        6⤵
        Program crash
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        5⤵
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      4⤵
      PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47862.exe
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      4⤵
      PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        7⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        6⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        6⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20929.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
      4⤵
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      4⤵
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58178.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      4⤵
      PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
      4⤵
      PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
    3⤵
    PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    3⤵
    PID:5712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50948.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        6⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        5⤵
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      4⤵
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
      4⤵
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      4⤵
      PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
    3⤵
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      4⤵
      PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      4⤵
      PID:6184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42813.exe
    3⤵
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
    3⤵
    PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
    3⤵
    PID:5784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        5⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        6⤵
        
        PID:7028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        6⤵
        Program crash
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24742.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
      4⤵
      PID:7004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28827.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
      4⤵
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
      4⤵
      PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
      4⤵
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
    3⤵
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
    3⤵
    PID:6988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      4⤵
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52810.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
      4⤵
      PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
      4⤵
      PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
    3⤵
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
      4⤵
      PID:6812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
    3⤵
    PID:6512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
    3⤵
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31260.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
    3⤵
    PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
    3⤵
    PID:6428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
  2⤵
  PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
    3⤵
    PID:7092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
  2⤵
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
  2⤵
  PID:3912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27874.exe
  2⤵
  PID:4172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
  2⤵
  PID:5384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
  2⤵
  PID:6848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe

Filesize
468KB

MD5
87d7c98462a3f169d29baed0b48411d3

SHA1
119772c94591e7c7db8c9868145d0984446c0cfc

SHA256
4c39dfc8b3b6b0fdcddd537608f5c4edc89884697f84ce4d7b8fa9052b80e834

SHA512
7ec52c1b3801b85bc7ffdeda049410998f4c6bf690d31ffd8eb9b0696c92c32f158d1535ecc14e4e1b28d64adde2f1b153dc1e454c9dcfefcad3d0d5644acfeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe

Filesize
468KB

MD5
99373c9b17bf7b0736fc84f8fdea7f87

SHA1
679e2c449fa4bf8c381e9f48a5095173099333ab

SHA256
6d9d6b5dd962b90b99004d694ef3e99d3aada7ff2c27d231bb6cb720537446e5

SHA512
4f42a0cb1516d20835af4634ab3f53397f5eb5f6194dae43318dd3eb200e7384f9d78159a18062c789377b5f18de2af3a520d6af76af5f511ec9eca72a4c553f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe

Filesize
468KB

MD5
30448bb9493529b42e4eb9cb2b73e65c

SHA1
74ce75773d7c725123d2f8be6306fa3c5fa39b82

SHA256
a07037c6046bfe3449864eb01dc80ab245ed32150c0dbd0f4d372348353a46e8

SHA512
0a38c4a26d785d0ef31542ae44b871645780fe70833810599ac64cc3d145a642c3570d7aa48d05550b10d302afeda93625d4b83bde159428cd632eb132e67a6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe

Filesize
468KB

MD5
418beba33b70f50cae5ec40b6fa9c193

SHA1
8e3c20b7620a6f546e7e1084b8b4c42b3c73d282

SHA256
d436631463117d7001d6c637b1e07997b7f9f786444a5a9ed6f53d44cd1a1435

SHA512
962a5bdc770a06d8e1edb23dc9df67fd04d9cea8d3f565b9f13c311ac9ed92cae794448d950409e19f6a53f4bb56c4c51981b9a9a88deb25e857dd91c5107fcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe

Filesize
468KB

MD5
a1cfc8c9dd8ba4bf6b5482c2014dfe33

SHA1
e70593857c5c47825e066925c67b62f92b0d1201

SHA256
61a46d54855fcc817c4862d006e5f5f1d28de8a3064e5ea788f6de95ba2eed18

SHA512
a78cc7a5bc29dd09768b34aa422ccd9d0a89d7b11ee3a92702ccb149b4b7fa8c644ec0acd40ce2168f76d17c05ae6462268f9b9d521b67caba19693997a0fc7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe

Filesize
468KB

MD5
a20b4b9fa4c96c34a4b14baa979aff6f

SHA1
464c80d86e6f123784044b9165b49092e4e0df51

SHA256
600050f430bc96d68a17b73bc0e749539e0de81c6560d7d111a3af3d1099e618

SHA512
f57e17e6787ecca8f16c3302289b55de93382263b0a62c12c5c26e08efbb6ee063e59e2a416cfd4bbfdf3d5adbadfbc4e5dbcdb95988b3a68b5cc1f9dfc9c1cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe

Filesize
468KB

MD5
c8648e6e0638cc6ae75f04e6e53d9d3e

SHA1
a4c2ff0f4c591553017d8cce848f8de44b67eae2

SHA256
fa20b264e20e36db264a1d750d60c2024d0304a7843a0f6fbe28d12bc300eb53

SHA512
8b16f097ac0cd2132eea5f5ee03ed04f6842dda239c5998033679671c1385dd1e1e7beffa78631b852e71adf69dd62cd532ca6351a7a931a2d3f8bd94b564a17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe

Filesize
468KB

MD5
d4bf19100041f45beb50410c49e672df

SHA1
fd9fbce046c24e31db88b25578bd7a2420836182

SHA256
77d8ed9936794aaa7d9d402de0baa64bcd08277211a2d6c1e5922f0ccecf5a7f

SHA512
f4a17ee52b678d6410a932f94026159b9afd535e60b1297349e960ea19c57ea613aab24a8178b3a85148957d8c57b198639c2ab93efec3e992865126dcc5bfaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe

Filesize
468KB

MD5
4552c569e46fa9601ead718696c515a1

SHA1
e658f8604b1649aa1a670fbcab849498a86597e0

SHA256
41f4557673dc7d92d82fe441740a21322def710349a0b490b5b8e4965b841e37

SHA512
7cea48e205bf9f22403c9bfc9c8e8ced0da4c43a42950f8f0739add7647ba8fa26de4d1b04119c9fa42d7c6cffd040d9572670be1604012f48d6215f9d2725cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe

Filesize
468KB

MD5
912e92542bc99efb0e285d1396ef5d03

SHA1
207fe06e24d6e56e3b6b1de90c976f2aeb24b01b

SHA256
726f7c99b21c53492873a9d3e342475a69406132a705affd9a0ab628c8e6b19c

SHA512
c6f16f00a2bd969cadf1c81523101626006e5444f71b7419350db40d3d35ecd39d63a55fca9096ffc0b7bff718244e70b68ecf0ba711299e23ae6d1a8bebfa3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe

Filesize
468KB

MD5
b09b2e4fc0cb35eeb4913d39da08719e

SHA1
d780aecf9ee90e26230f7d3aad50fd45a2e794a4

SHA256
2dd868647f88d0cfb6341fbbe2f536006bea0910530f064226932888b0a4ce59

SHA512
e28668a57c5707c02acc4abf2ff75c49ae41cdbe361d4e2a44c4ec625367ef3c8c94ad2c82f0000c0ca3474d6a5b7c25e87ea65a053727c0693fb88c496b60be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe

Filesize
468KB

MD5
94dd8035f3bfc63c0e9119cd3d460b7a

SHA1
a3fb83ed0e5a99213cf748fc296fbb171751fd57

SHA256
c3e834231aad805e4ba87f307372893d3aa642c99331bdf0bde0186fbe2219b4

SHA512
0c17c5684b68f531eacd2b7a4489c87270bb58adefd979f112e665816e1e361b653fdf76371c55b99d00d7b6b8982e73ee0bd873e5523de4fbe00ec0492fa0cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe

Filesize
468KB

MD5
d224ba1d6beef61dda0d5d615b62d529

SHA1
6d2dccd0f3d37bb7cefcd6178bd1b4495ad50e7a

SHA256
653d1645f60ad7188c91bb5625dee7ad9ea3e64bbb96c7504b0529b6da538d52

SHA512
2e1ce1d7c84ff7732ad319bdc5a2676ba706fe7469adf39ae12945a594145d0030707ddcfda4b3fdd264143b2640fa1ce745e188f05ffa5b0832c1e9cab52f80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44806.exe

Filesize
468KB

MD5
be31cf13487f67827ef4a27ea9771153

SHA1
2de116b1df7132b8f859860ee2c01221a081667c

SHA256
13c4921d6196b966b4ca7629f45e33fc2b4005aa5f260691a421c4c3705d1828

SHA512
4e249cbefcd08e6836969667b5b9b2d6e7d5115586556655595a9afddf7479e4bcc00c37fd9fe11379e4bffa0e931c0c10c3a2686946c369acad519368ddb2ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe

Filesize
468KB

MD5
c95e0f39ff220fcf0b7f0a3f3d97bea1

SHA1
bd2e58c87be2725a23ebf12d84e8bae27e257c85

SHA256
f798dae21d30dffe37c0a98429418d3b298f8969fca51311ace69740ad0621a5

SHA512
bf53294e18d833f1b30d72de6d013cd578ac24906f379695f3394533d6c804a9c759e62bf1829f6b364eff0c306d23d1e3b7549bb6c32b081df45c51cfbe0b9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe

Filesize
468KB

MD5
d3fa0f230e053b8ef4878e6c4e0808e3

SHA1
9eea6db33301853fa537cb90a709b1f2926f0ba3

SHA256
41b2201a366aed9b1f4ae970a852a3d1b34f7e8ea2c1db640a35db271b9b39ba

SHA512
aaec56883b7a73423e0a11ec88c935cf1dea5bb98b5a8050c816f381f33a8ac5273c0e0bc66a92de1db4783aefaab8f61b5fb468d7932a9051606e1a16d94331

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe

Filesize
468KB

MD5
19cdd38aee34184e2f9c860cf6127218

SHA1
e68b55ecb275910d7bfb19ee1febe8b45fda6a91

SHA256
37f69cf6f19f8d0036c935d1d9c67b57d1c12e437f5a46e82a5a8ba9740031b2

SHA512
efe99faae9d56d675b27ff94a76eb87f8aa06c0081a14f04ceeda34790cf6ba4eb795a4d82f3b38fa60d62023f4ac47708e808f3d0c9a7315aba346f7e5abe5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe

Filesize
468KB

MD5
24d7b61f3a305725234f71d934724f6e

SHA1
3bb4184b7232b7c3fa0a80981fdd9d08d261bde8

SHA256
95212c17986af777c73fdfda341e230c00e52d7390fc749ee95bbf3bdca09281

SHA512
f1b7faf332d6bd9b32bf202210314a856b94b60abb9e7ade81ced3ccad61d54d821098f6369013543b5c5f7bf9216fcd4f72a27291be616f5167089510fcc813

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe

Filesize
468KB

MD5
ff7d12927a8a2e0fa1dc9b8b8fc7d8ef

SHA1
0f4a2c94e4d4029ae63eedfe59e693a2452a78ba

SHA256
a3a2586b95882c2ed122ec337c93b4af03ff93ee53eba7205c3c73045bc3f3b8

SHA512
cf76aa7c992bf8b266cb0a7634bd4e6122981b5854b83dac90343c0072cf5cdda61df941d3de723193fce3458503250310a74d0ac50f4d8e900ee2c88f16c63f

Download Submit