cbd56ddbd7f77d0944c66e542e54fc596b855ab4c5669009d496bab0ddfa18a8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d25cd60250e95b4f792a419ce7045940N.exe
Size

468KB
MD5

d25cd60250e95b4f792a419ce7045940
SHA1

56859aca6c4dc2ee1215ed98472f1fcced06150a
SHA256

cbd56ddbd7f77d0944c66e542e54fc596b855ab4c5669009d496bab0ddfa18a8
SHA512

369ed37e6a55186acddbc54e07bae8a5f3144441df91ba1612fbba9495c637876ec4f2b2cdc460bb681287f4cbf6c6dfadd1eff519a0c3a40966257b9a81da98
SSDEEP

3072:yhT7ogI5ID5UtbYJHzcicf8/KChCPIpHnLHewVPZxhrL6UcuMZlj:yhHoctUtOH4icfV0q6xhvncuM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1976	Unicorn-59016.exe
3012	Unicorn-9623.exe
2480	Unicorn-9068.exe
2728	Unicorn-50075.exe
2772	Unicorn-36754.exe
2648	Unicorn-29140.exe
3020	Unicorn-42876.exe
2324	Unicorn-57955.exe
2980	Unicorn-12283.exe
1928	Unicorn-50576.exe
1972	Unicorn-1930.exe
760	Unicorn-1375.exe
856	Unicorn-60782.exe
2272	Unicorn-21796.exe
1144	Unicorn-21338.exe
1864	Unicorn-45589.exe
2844	Unicorn-13279.exe
2852	Unicorn-57649.exe
1104	Unicorn-34990.exe
2808	Unicorn-8256.exe
1604	Unicorn-4172.exe
956	Unicorn-3907.exe
1684	Unicorn-24593.exe
324	Unicorn-4287.exe
2356	Unicorn-58889.exe
1728	Unicorn-49097.exe
788	Unicorn-49097.exe
2172	Unicorn-63440.exe
1748	Unicorn-11638.exe
2184	Unicorn-21251.exe
1188	Unicorn-16652.exe
1012	Unicorn-36326.exe
1208	Unicorn-8614.exe
1372	Unicorn-1001.exe
1936	Unicorn-35157.exe
532	Unicorn-17337.exe
292	Unicorn-37203.exe
2800	Unicorn-65526.exe
2320	Unicorn-14544.exe
2680	Unicorn-26259.exe
2712	Unicorn-54085.exe
2668	Unicorn-34235.exe
3064	Unicorn-18453.exe
2528	Unicorn-38319.exe
2556	Unicorn-38319.exe
2580	Unicorn-63378.exe
2436	Unicorn-10093.exe
2992	Unicorn-34043.exe
1960	Unicorn-42211.exe
624	Unicorn-50934.exe
1660	Unicorn-46103.exe
1964	Unicorn-26237.exe
108	Unicorn-986.exe
1868	Unicorn-41057.exe
1620	Unicorn-54271.exe
2964	Unicorn-39014.exe
2392	Unicorn-37233.exe
2836	Unicorn-284.exe
1948	Unicorn-41862.exe
2248	Unicorn-41862.exe
1292	Unicorn-41862.exe
3068	Unicorn-55598.exe
736	Unicorn-41862.exe
1916	Unicorn-55598.exe

Loads dropped DLL 64 IoCs

pid	Process
2336	d25cd60250e95b4f792a419ce7045940N.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
1976	Unicorn-59016.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
1976	Unicorn-59016.exe
2480	Unicorn-9068.exe
3012	Unicorn-9623.exe
2480	Unicorn-9068.exe
3012	Unicorn-9623.exe
1976	Unicorn-59016.exe
1976	Unicorn-59016.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
3012	Unicorn-9623.exe
2772	Unicorn-36754.exe
3012	Unicorn-9623.exe
2772	Unicorn-36754.exe
2648	Unicorn-29140.exe
2648	Unicorn-29140.exe
2480	Unicorn-9068.exe
2480	Unicorn-9068.exe
1976	Unicorn-59016.exe
1976	Unicorn-59016.exe
2728	Unicorn-50075.exe
2728	Unicorn-50075.exe
3020	Unicorn-42876.exe
3020	Unicorn-42876.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2980	Unicorn-12283.exe
2980	Unicorn-12283.exe
2772	Unicorn-36754.exe
2772	Unicorn-36754.exe
2324	Unicorn-57955.exe
2324	Unicorn-57955.exe
3012	Unicorn-9623.exe
3012	Unicorn-9623.exe
856	Unicorn-60782.exe
856	Unicorn-60782.exe
1928	Unicorn-50576.exe
1928	Unicorn-50576.exe
1976	Unicorn-59016.exe
1976	Unicorn-59016.exe
1144	Unicorn-21338.exe
1144	Unicorn-21338.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2336	d25cd60250e95b4f792a419ce7045940N.exe
2728	Unicorn-50075.exe
2728	Unicorn-50075.exe
2272	Unicorn-21796.exe
1972	Unicorn-1930.exe
1972	Unicorn-1930.exe
2272	Unicorn-21796.exe
3020	Unicorn-42876.exe
2480	Unicorn-9068.exe
3020	Unicorn-42876.exe
2480	Unicorn-9068.exe
1864	Unicorn-45589.exe
1864	Unicorn-45589.exe
2980	Unicorn-12283.exe
2980	Unicorn-12283.exe
2852	Unicorn-57649.exe
2852	Unicorn-57649.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2860	2172	WerFault.exe	58
1076	1868	WerFault.exe	83
4336	2580	WerFault.exe	76

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62460.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2336	d25cd60250e95b4f792a419ce7045940N.exe
1976	Unicorn-59016.exe
3012	Unicorn-9623.exe
2480	Unicorn-9068.exe
2772	Unicorn-36754.exe
2648	Unicorn-29140.exe
2728	Unicorn-50075.exe
3020	Unicorn-42876.exe
2324	Unicorn-57955.exe
2980	Unicorn-12283.exe
1928	Unicorn-50576.exe
1144	Unicorn-21338.exe
1972	Unicorn-1930.exe
760	Unicorn-1375.exe
2272	Unicorn-21796.exe
856	Unicorn-60782.exe
1864	Unicorn-45589.exe
2852	Unicorn-57649.exe
2844	Unicorn-13279.exe
1104	Unicorn-34990.exe
2808	Unicorn-8256.exe
956	Unicorn-3907.exe
1684	Unicorn-24593.exe
1604	Unicorn-4172.exe
324	Unicorn-4287.exe
788	Unicorn-49097.exe
2356	Unicorn-58889.exe
1728	Unicorn-49097.exe
1748	Unicorn-11638.exe
2172	Unicorn-63440.exe
2184	Unicorn-21251.exe
1188	Unicorn-16652.exe
1012	Unicorn-36326.exe
1208	Unicorn-8614.exe
1372	Unicorn-1001.exe
1936	Unicorn-35157.exe
532	Unicorn-17337.exe
292	Unicorn-37203.exe
2320	Unicorn-14544.exe
2800	Unicorn-65526.exe
2680	Unicorn-26259.exe
2712	Unicorn-54085.exe
3064	Unicorn-18453.exe
2668	Unicorn-34235.exe
2528	Unicorn-38319.exe
2556	Unicorn-38319.exe
2580	Unicorn-63378.exe
2436	Unicorn-10093.exe
2992	Unicorn-34043.exe
1960	Unicorn-42211.exe
624	Unicorn-50934.exe
1660	Unicorn-46103.exe
1964	Unicorn-26237.exe
1868	Unicorn-41057.exe
108	Unicorn-986.exe
1620	Unicorn-54271.exe
2392	Unicorn-37233.exe
2964	Unicorn-39014.exe
2836	Unicorn-284.exe
1948	Unicorn-41862.exe
3068	Unicorn-55598.exe
1292	Unicorn-41862.exe
1916	Unicorn-55598.exe
2248	Unicorn-41862.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1976	2336	d25cd60250e95b4f792a419ce7045940N.exe	31
PID 2336 wrote to memory of 1976	2336	d25cd60250e95b4f792a419ce7045940N.exe	31
PID 2336 wrote to memory of 1976	2336	d25cd60250e95b4f792a419ce7045940N.exe	31
PID 2336 wrote to memory of 1976	2336	d25cd60250e95b4f792a419ce7045940N.exe	31
PID 2336 wrote to memory of 3012	2336	d25cd60250e95b4f792a419ce7045940N.exe	32
PID 2336 wrote to memory of 3012	2336	d25cd60250e95b4f792a419ce7045940N.exe	32
PID 2336 wrote to memory of 3012	2336	d25cd60250e95b4f792a419ce7045940N.exe	32
PID 2336 wrote to memory of 3012	2336	d25cd60250e95b4f792a419ce7045940N.exe	32
PID 1976 wrote to memory of 2480	1976	Unicorn-59016.exe	33
PID 1976 wrote to memory of 2480	1976	Unicorn-59016.exe	33
PID 1976 wrote to memory of 2480	1976	Unicorn-59016.exe	33
PID 1976 wrote to memory of 2480	1976	Unicorn-59016.exe	33
PID 2480 wrote to memory of 2728	2480	Unicorn-9068.exe	35
PID 2480 wrote to memory of 2728	2480	Unicorn-9068.exe	35
PID 2480 wrote to memory of 2728	2480	Unicorn-9068.exe	35
PID 2480 wrote to memory of 2728	2480	Unicorn-9068.exe	35
PID 3012 wrote to memory of 2772	3012	Unicorn-9623.exe	34
PID 3012 wrote to memory of 2772	3012	Unicorn-9623.exe	34
PID 3012 wrote to memory of 2772	3012	Unicorn-9623.exe	34
PID 3012 wrote to memory of 2772	3012	Unicorn-9623.exe	34
PID 1976 wrote to memory of 2648	1976	Unicorn-59016.exe	36
PID 1976 wrote to memory of 2648	1976	Unicorn-59016.exe	36
PID 1976 wrote to memory of 2648	1976	Unicorn-59016.exe	36
PID 1976 wrote to memory of 2648	1976	Unicorn-59016.exe	36
PID 2336 wrote to memory of 3020	2336	d25cd60250e95b4f792a419ce7045940N.exe	37
PID 2336 wrote to memory of 3020	2336	d25cd60250e95b4f792a419ce7045940N.exe	37
PID 2336 wrote to memory of 3020	2336	d25cd60250e95b4f792a419ce7045940N.exe	37
PID 2336 wrote to memory of 3020	2336	d25cd60250e95b4f792a419ce7045940N.exe	37
PID 3012 wrote to memory of 2324	3012	Unicorn-9623.exe	38
PID 3012 wrote to memory of 2324	3012	Unicorn-9623.exe	38
PID 3012 wrote to memory of 2324	3012	Unicorn-9623.exe	38
PID 3012 wrote to memory of 2324	3012	Unicorn-9623.exe	38
PID 2772 wrote to memory of 2980	2772	Unicorn-36754.exe	39
PID 2772 wrote to memory of 2980	2772	Unicorn-36754.exe	39
PID 2772 wrote to memory of 2980	2772	Unicorn-36754.exe	39
PID 2772 wrote to memory of 2980	2772	Unicorn-36754.exe	39
PID 2648 wrote to memory of 1928	2648	Unicorn-29140.exe	40
PID 2648 wrote to memory of 1928	2648	Unicorn-29140.exe	40
PID 2648 wrote to memory of 1928	2648	Unicorn-29140.exe	40
PID 2648 wrote to memory of 1928	2648	Unicorn-29140.exe	40
PID 2480 wrote to memory of 1972	2480	Unicorn-9068.exe	41
PID 2480 wrote to memory of 1972	2480	Unicorn-9068.exe	41
PID 2480 wrote to memory of 1972	2480	Unicorn-9068.exe	41
PID 2480 wrote to memory of 1972	2480	Unicorn-9068.exe	41
PID 1976 wrote to memory of 856	1976	Unicorn-59016.exe	42
PID 1976 wrote to memory of 856	1976	Unicorn-59016.exe	42
PID 1976 wrote to memory of 856	1976	Unicorn-59016.exe	42
PID 1976 wrote to memory of 856	1976	Unicorn-59016.exe	42
PID 2728 wrote to memory of 760	2728	Unicorn-50075.exe	43
PID 2728 wrote to memory of 760	2728	Unicorn-50075.exe	43
PID 2728 wrote to memory of 760	2728	Unicorn-50075.exe	43
PID 2728 wrote to memory of 760	2728	Unicorn-50075.exe	43
PID 3020 wrote to memory of 2272	3020	Unicorn-42876.exe	44
PID 3020 wrote to memory of 2272	3020	Unicorn-42876.exe	44
PID 3020 wrote to memory of 2272	3020	Unicorn-42876.exe	44
PID 3020 wrote to memory of 2272	3020	Unicorn-42876.exe	44
PID 2336 wrote to memory of 1144	2336	d25cd60250e95b4f792a419ce7045940N.exe	45
PID 2336 wrote to memory of 1144	2336	d25cd60250e95b4f792a419ce7045940N.exe	45
PID 2336 wrote to memory of 1144	2336	d25cd60250e95b4f792a419ce7045940N.exe	45
PID 2336 wrote to memory of 1144	2336	d25cd60250e95b4f792a419ce7045940N.exe	45
PID 2980 wrote to memory of 1864	2980	Unicorn-12283.exe	46
PID 2980 wrote to memory of 1864	2980	Unicorn-12283.exe	46
PID 2980 wrote to memory of 1864	2980	Unicorn-12283.exe	46
PID 2980 wrote to memory of 1864	2980	Unicorn-12283.exe	46

C:\Users\Admin\AppData\Local\Temp\d25cd60250e95b4f792a419ce7045940N.exe
"C:\Users\Admin\AppData\Local\Temp\d25cd60250e95b4f792a419ce7045940N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        9⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        8⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        7⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        7⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        8⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        6⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
        6⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        6⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        5⤵
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        6⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        7⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        6⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        5⤵
        
        PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        5⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        7⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63114.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29854.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
      4⤵
      PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        6⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        6⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
    3⤵
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    3⤵
    PID:5168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
    3⤵
    PID:6064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65131.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        7⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13721.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        7⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        6⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        Executes dropped EXE
        
        PID:736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56907.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        6⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
      4⤵
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7758.exe
        7⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        6⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        6⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        5⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        6⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12054.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      4⤵
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        6⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        5⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14426.exe
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        5⤵
        
        PID:660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      4⤵
      PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        5⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46275.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
      4⤵
      PID:6696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
    3⤵
    PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
    3⤵
    PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
    3⤵
    PID:6936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        7⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60564.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        5⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
      4⤵
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
      4⤵
      PID:6376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
      4⤵
      Program crash
      PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
      4⤵
      PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
      4⤵
      PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        5⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23684.exe
      4⤵
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
      4⤵
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Program crash
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
    3⤵
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
      4⤵
      PID:6728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
    3⤵
    PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
    3⤵
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    3⤵
    PID:6808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
    3⤵
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42810.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
    3⤵
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
    3⤵
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8288.exe
    3⤵
    PID:6632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
    3⤵
    - Program crash
    PID:1076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
  2⤵
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    3⤵
    PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
    3⤵
    PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
    3⤵
    PID:6592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
  2⤵
  PID:3180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
  2⤵
  PID:4436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
  2⤵
  PID:4168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
  2⤵
  PID:5660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
  2⤵
  PID:6836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe

Filesize
468KB

MD5
822c814e81f4620fc2f8ed4ddc31387f

SHA1
950db2e97ae853e2a5417171b62209926c29dde5

SHA256
31c7b164a564ec4c5152bc74b6ada7b3df2aed414ccc2c44c9e5e9d3b31ddd56

SHA512
aca6e76d6acbf90b4cbfaa75f12c271e9d3aa7445735a9cac4fd9413979bf4847736585c7b40a7b7a19fbc087e0db59460dc3d8232e0e8c4f0a56c2fac31c489

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe

Filesize
468KB

MD5
0db30dc110cb77fd277ea98e09ce2111

SHA1
7c60c3563ab3231bbf8c44a1580025a4de339ffc

SHA256
8e50c88fe8bbe638ca600deb65cb5bae450465f26a03a9f84b398d23ef5cce54

SHA512
c36b5e13d5477f1fb5712ec7755e52be57fbf511c8e2d3d0cc953ecbcf66b5227f1e6728a486baf3dcb2adbbaab88a6da984b73370618d000842070dafc132d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe

Filesize
468KB

MD5
16eba7e506d71a8f87364fc1a8dd9e8a

SHA1
dfe23813cd94b4fc6786c1a89dba6db1c24864b0

SHA256
9112112f2f5b715f4b3cab3510a253cfb47bb41103a9be8fc32709d045607a5a

SHA512
e1c12b93e435aa00c79c9058341afb8f7c08f32960940062ba52d1145b41a0a4aa0aebf18320d2e3360118d8fcf10d38c2d0dabca0a2eb6b8f8f41efb93d9b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe

Filesize
468KB

MD5
6187999a9a1315b6f571f393202dc4aa

SHA1
e3fafdbcbe54ba57b83ce2774fb5abeac817e8df

SHA256
7d9550c6f71f6af067fc2072dbab468ec75306d7e60e9b17e3ffa45cac0690b6

SHA512
14a435ffb1b0d226773178ebb4af22c49ebf6f897a288ddd2a3cd4617cf0f6c304f2ae047f7107a2df7642f21ee198a5c25d8d7086985044569fba51256930da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe

Filesize
468KB

MD5
6e3434d0c399c7df91292f44d07994cb

SHA1
ea84a8a202415b9088cbec1138efa171269dd5ea

SHA256
169e7d307c3cd5002257984c6a869e78d139e2029d2172e5a75183ce91e49645

SHA512
fcfa776f9af38498a08dff98b19423a47c50b5ab4c3ff8e6d009e9b63c3fe6085cb10644d1a0bd4abb5298e7c709247dbb2ff54cb4fa3a672b8e6faffa937d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe

Filesize
468KB

MD5
d5fee349aa59c8257352c667ab316f93

SHA1
1780f6c29677fb7db8c6c6dff10be9a27270ec7b

SHA256
eb2d56cc35648fd8ded5871afb0456ae4773ae4c9ffaf1dcc58e4825e163b9db

SHA512
151b24ad41e748c01ab673a0f74aa3fcbdbd4e43260a1efb838a80efb98529499859e556020680dd22bf60183ee9a7dfd60dcd8e3aba040703e7d99d05563774

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12283.exe

Filesize
468KB

MD5
8b42759cd3bf3a53f1aecfbcbf9dc894

SHA1
1e1d804fa4c0319929e265176e95a2b55c228324

SHA256
6c49e03ce2d0fc5c554759ed49f0ee36d9c3a9f682f5ecc7d837a91275f9a543

SHA512
07cb0ecf893a78eec2f1686188514209a5be3f262f4c75d431dd277839b493e08a48365ff38e7e17be0884584745448c710de7dbbbea051c81e16e3e4ca9b1de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe

Filesize
468KB

MD5
edb811c98f28e29c836c17027517ccab

SHA1
4547b09dad89e24da37f3ebd4a19d78542db532e

SHA256
39f199bec8c6e316a3a4693ffbd08dd34a300dcb023fa8ee776ba83d7fed703c

SHA512
de295e8c71fa3818fc4a7d4ef82723cff5f7163e88c5d11b00245e205bbc5c6d60ddf273bf0d1722e9e30a4f8c3a5bff611250d09a5e3658ba733463018b7122

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe

Filesize
468KB

MD5
8ffb1bef63d57483ec56dd61110099b9

SHA1
605241fb929cb24d13ca56f25493914c75486404

SHA256
93873479b129d2ce3ec3a1f48f3fa41282940b6006a1c891eb0f1546d8efb158

SHA512
1fd2d04c6f625fb0dbc5e88fb5bc9686d70fe64efb796356e732d3c346d6c457e9f4ea19e686a028ebef4fd4cec7ba9b6c78ccca53bdf6342912c41d20f50e2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe

Filesize
468KB

MD5
e397e81c573fb9e4c6db72555a8496f2

SHA1
48544bd1b50ba7f32602fb6ba256d37c2bae75a3

SHA256
701401fd10e0cc15536e87f77f8994709e7bbb6c5bda1d8f36a8f53768d53232

SHA512
1528b5b82b25dce1bdb6ef053ab0e21c8a5a2f6ad3c1d8c55bbe76af3b3cab7f7c56e779b50e581e54227c62c9450df24f7b18d5668e572b383fa04a879e4fd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29140.exe

Filesize
468KB

MD5
6325428b2429079bbca0fc5b75848dde

SHA1
c826d29708e2b2f1d54f801901760b342b0187b6

SHA256
430911eaa8d136d712d6f6920c2e17507ecfc257578c6c42612966e22a1ed80a

SHA512
8fdc47baf70527888abfda71e693616adccdfb4fce74be15749c2547ce4acef4f1b7b42cf91af5a85e859e5df27cd77e06ef1e0eac0663ca8f91211d2469476b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34990.exe

Filesize
468KB

MD5
71c31189b53cb410069ab46bd6d43892

SHA1
b69d2c2275cc39a2e59d640d7e1a854a87b69365

SHA256
fa81d3f55ea836ba797905b15e9256e1f8342652645ad22d17623cdc4ac3ec98

SHA512
d48fa792083f8ef3419117d46cc43f2ebdc0d72f3f9c9f7890c6eb2fd20a603d92ead9efd9e8640ae5836d606137f519ccc75e5003fcd1e1daec0daef9e41dae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe

Filesize
468KB

MD5
75ce7e6c26726c652229e7a4ea454445

SHA1
00c9d11cfaea2529906e6d2f438b9e59a6e53da5

SHA256
432b2ffb480d91203c86ace23cfae7a3d203b6f21a9206a3d50a79c6492335d2

SHA512
4838622838f68fff7eff07fe08af8267225e2d1d364e11b17bf8594b0de34aa0ee1ee8b0ea2e3a097da7a2ee106634409bcbc3c54032d70a3575e8889234213f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe

Filesize
468KB

MD5
b25028f1f6474092fd4a2016cb9df088

SHA1
4b17940f83d1dbffbe41c066c5f6a2c879bcdf44

SHA256
88c74ecb679bc1acd1dcc713431fe8a4bf67afe8225ffb5566fa3f5d5479734f

SHA512
21200999cf1dc498298306226fa89a78dfeacc23f62cf58493606636af999bec7f02038a542563ad0297658f39add0a20bbce52396e441e7612a62e80371a208

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe

Filesize
468KB

MD5
f126ff0e29595c77ee1b7b2c97ab8955

SHA1
09c29ed39cfed6b6b37851d2fcb43de7fae4ff9c

SHA256
cf86c54bf82ba5945de1453673261b107f0bf2ddf806d323d19d05903e99f7fe

SHA512
770fb6aa12bdd1883c6fdaa38d44e469ef022de3017928c448e093e419688b184dbb0059286eca2519c841d114e3562daa6cc085577ecf68ba484aa276b6b370

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50075.exe

Filesize
468KB

MD5
adb6bd84fa897c0d9fbd518a596eeccc

SHA1
f987f4dbda8bbf23b8970a66f7a875f8fdf99b45

SHA256
0061b7cd04eccb9bf0ec3ecc3f046ea41b265d776f15db6d9b7f4c70f4cd5b6a

SHA512
4e6dac10bd7e90c0cd4e670a02d101d07e8df610d4b782e77551f61c4f57c102e242a4d32cd3cb078fb0e8e744ce20d81d2991d4e51309af961f6ae8ec62c0c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe

Filesize
468KB

MD5
f46c68e01676348569d78eea9e47af7d

SHA1
eec093e840df5ce6394eb7924438a14c02522ef3

SHA256
7b900695d11b8a6d78cfbacb1c8002774f9373cbb1e8dbda3ef472b55f05cc3b

SHA512
e17f5cdc10a4f98def9fd60a2632573f65404980abcba63932f8298f208e3467c12940bf0a2e33c9810b4761fb1d6b7ae244894baac357700e804d1dea1b181c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe

Filesize
468KB

MD5
5f0b2fe2b711ec933e53a32881896f2f

SHA1
b518ace5ec0f7fca24c19ff012d232c891b10233

SHA256
ea9d8683d63a6d36cff35c0a05c600918d878b4947e5d895efc7a690b932d62d

SHA512
b37ff513316926e3b478171ccffa58ed7098a622de83ef8ef0c256ad4f1b88564456cf0098245d1f3b62d20436c93f9b9b07bb34417286ac63718208f3c76061

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe

Filesize
468KB

MD5
fa1be8c8ea2841e68fbca251913745e3

SHA1
465da39d571a0c071d57b91e930577e1dccb7440

SHA256
89165a1691a5666c5566a9cc0d5f01ce55cd6e7b7a2a275d370e39b7df2c5415

SHA512
5ef80c1fcb6bda4c915c1e70194adebaacc2052a4dd8466b63d1810c42a5a38f63cf83f54ad9d340b4de2287b05bada9b037ecc2053bf367c82661962fcf45e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe

Filesize
468KB

MD5
7467bf5edb14506c3b6166d578f7ee18

SHA1
b2f67ffa39ad93e1bce483a5392e20d475c152b8

SHA256
928dbdbe45c5490bdee9e5e1efd241c374e28b769535d6974b0e6e61f9261ecc

SHA512
e7c14fde35d745446ba5e0642c407cc73c4aa40d8fa3962c4a7b7c078b63ce04f336387238076d2280096ca9dc76190adf2f356fbe3fa94d1b8bc924f00690f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe

Filesize
468KB

MD5
db66ceaee86212c4388a6a02a155fdd5

SHA1
c015c2712958642ea7dae0d491515044f0e7d063

SHA256
8ee94b5b78a5118db4591db9ffe51141c887abb39d74098021d5380fcd42f671

SHA512
1a6d10532720b0c7e8e16a359eca7ede36cff27b4da84d4a0843609b5216cdca01e9a45f8e24d3759b6d811de3a2c01536d9211cd2eb0a2b122aa341b67b52c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe

Filesize
468KB

MD5
05bfac826d9837517eadc6976e460637

SHA1
27d90392b19c934cc21bf73b8cf02de597a9a3a7

SHA256
9a134e3fdf8eb6dcd0139374a0ce1f39161e276230dc3abd887bc5cf5fcee930

SHA512
29df5b250f9c57f6cdab6baa555b16156014a84afe5ada843ca7a1b5106d5e5f8083b48f92b7e100894382115c61b87931136cdc5e23d2f6749da1fdcea87845

Download Submit