ce14234db488e88e11511027802b1e594f9393d2e0d638af18d843a2cd20a88e

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cb2d7967ca11f1dde5b24ede35f0b40N.exe
Size

468KB
MD5

8cb2d7967ca11f1dde5b24ede35f0b40
SHA1

3b668182b37feeeabe7402b209d5b823212fd9ae
SHA256

ce14234db488e88e11511027802b1e594f9393d2e0d638af18d843a2cd20a88e
SHA512

69904a9f6a35ce8f7e2a0f6b68e8733026c69e6e75468f5c8f4f3d133753085a293bee81ab62bfe8cb317a4eec87f92acd333b3cb892f3b45f97ae638a013693
SSDEEP

3072:0dCHov9Ty35/tbYUPgGBOfj/zC24IIp2ymHeMfwjcZfw74BuXFlk:0dWocJ/tPPXBOff0hncZ4kBuX

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2800	Unicorn-15229.exe
2776	Unicorn-2074.exe
2704	Unicorn-22665.exe
2692	Unicorn-9015.exe
2560	Unicorn-38158.exe
2572	Unicorn-53940.exe
1528	Unicorn-23305.exe
2512	Unicorn-61397.exe
2172	Unicorn-5844.exe
2212	Unicorn-51366.exe
2596	Unicorn-15164.exe
2964	Unicorn-59534.exe
2916	Unicorn-47282.exe
2748	Unicorn-18236.exe
2444	Unicorn-16455.exe
2332	Unicorn-53779.exe
2376	Unicorn-37997.exe
2104	Unicorn-54703.exe
1464	Unicorn-36321.exe
936	Unicorn-34091.exe
2120	Unicorn-23876.exe
892	Unicorn-59342.exe
2416	Unicorn-63063.exe
1508	Unicorn-37220.exe
1692	Unicorn-21455.exe
492	Unicorn-54874.exe
1608	Unicorn-9202.exe
2440	Unicorn-37910.exe
2928	Unicorn-18309.exe
2084	Unicorn-21128.exe
3048	Unicorn-38210.exe
1308	Unicorn-25212.exe
1612	Unicorn-13514.exe
1656	Unicorn-56222.exe
2188	Unicorn-58268.exe
2804	Unicorn-13706.exe
2808	Unicorn-33572.exe
2864	Unicorn-16394.exe
2528	Unicorn-57692.exe
1640	Unicorn-4962.exe
3044	Unicorn-4962.exe
3020	Unicorn-24828.exe
3008	Unicorn-24828.exe
2892	Unicorn-35226.exe
2228	Unicorn-9238.exe
2956	Unicorn-37272.exe
2096	Unicorn-14531.exe
2904	Unicorn-5559.exe
2732	Unicorn-22003.exe
2888	Unicorn-47469.exe
2784	Unicorn-31325.exe
2152	Unicorn-6058.exe
576	Unicorn-19073.exe
1736	Unicorn-64744.exe
332	Unicorn-63997.exe
2368	Unicorn-20534.exe
2380	Unicorn-22581.exe
3068	Unicorn-16450.exe
1216	Unicorn-23135.exe
808	Unicorn-61257.exe
1344	Unicorn-37307.exe
1752	Unicorn-53089.exe
2452	Unicorn-12440.exe
1764	Unicorn-26154.exe

Loads dropped DLL 64 IoCs

pid	Process
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2800	Unicorn-15229.exe
2800	Unicorn-15229.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2776	Unicorn-2074.exe
2776	Unicorn-2074.exe
2800	Unicorn-15229.exe
2800	Unicorn-15229.exe
2704	Unicorn-22665.exe
2704	Unicorn-22665.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2692	Unicorn-9015.exe
2692	Unicorn-9015.exe
2776	Unicorn-2074.exe
2776	Unicorn-2074.exe
2572	Unicorn-53940.exe
2560	Unicorn-38158.exe
2704	Unicorn-22665.exe
2560	Unicorn-38158.exe
2572	Unicorn-53940.exe
2704	Unicorn-22665.exe
1528	Unicorn-23305.exe
1528	Unicorn-23305.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2800	Unicorn-15229.exe
2800	Unicorn-15229.exe
2512	Unicorn-61397.exe
2512	Unicorn-61397.exe
2692	Unicorn-9015.exe
2692	Unicorn-9015.exe
2172	Unicorn-5844.exe
2172	Unicorn-5844.exe
2776	Unicorn-2074.exe
2776	Unicorn-2074.exe
2596	Unicorn-15164.exe
2596	Unicorn-15164.exe
2704	Unicorn-22665.exe
2704	Unicorn-22665.exe
2572	Unicorn-53940.exe
2572	Unicorn-53940.exe
2748	Unicorn-18236.exe
2748	Unicorn-18236.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2964	Unicorn-59534.exe
2964	Unicorn-59534.exe
2560	Unicorn-38158.exe
2916	Unicorn-47282.exe
2560	Unicorn-38158.exe
2916	Unicorn-47282.exe
2800	Unicorn-15229.exe
1528	Unicorn-23305.exe
2800	Unicorn-15229.exe
1528	Unicorn-23305.exe
2332	Unicorn-53779.exe
2332	Unicorn-53779.exe
2512	Unicorn-61397.exe
2512	Unicorn-61397.exe
2376	Unicorn-37997.exe
2376	Unicorn-37997.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
7004	6884	WerFault.exe	599
7024	6876	WerFault.exe	600

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47469.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe
2800	Unicorn-15229.exe
2776	Unicorn-2074.exe
2704	Unicorn-22665.exe
2692	Unicorn-9015.exe
2560	Unicorn-38158.exe
2572	Unicorn-53940.exe
1528	Unicorn-23305.exe
2512	Unicorn-61397.exe
2172	Unicorn-5844.exe
2596	Unicorn-15164.exe
2212	Unicorn-51366.exe
2748	Unicorn-18236.exe
2964	Unicorn-59534.exe
2916	Unicorn-47282.exe
2444	Unicorn-16455.exe
2332	Unicorn-53779.exe
2376	Unicorn-37997.exe
2104	Unicorn-54703.exe
936	Unicorn-34091.exe
1464	Unicorn-36321.exe
2120	Unicorn-23876.exe
892	Unicorn-59342.exe
2416	Unicorn-63063.exe
1508	Unicorn-37220.exe
1692	Unicorn-21455.exe
1608	Unicorn-9202.exe
492	Unicorn-54874.exe
2440	Unicorn-37910.exe
2928	Unicorn-18309.exe
2084	Unicorn-21128.exe
3048	Unicorn-38210.exe
1308	Unicorn-25212.exe
1656	Unicorn-56222.exe
2188	Unicorn-58268.exe
2864	Unicorn-16394.exe
2804	Unicorn-13706.exe
2808	Unicorn-33572.exe
3044	Unicorn-4962.exe
1640	Unicorn-4962.exe
2528	Unicorn-57692.exe
3008	Unicorn-24828.exe
3020	Unicorn-24828.exe
2892	Unicorn-35226.exe
2228	Unicorn-9238.exe
2956	Unicorn-37272.exe
2096	Unicorn-14531.exe
2904	Unicorn-5559.exe
2732	Unicorn-22003.exe
2784	Unicorn-31325.exe
332	Unicorn-63997.exe
2888	Unicorn-47469.exe
2152	Unicorn-6058.exe
1736	Unicorn-64744.exe
576	Unicorn-19073.exe
2368	Unicorn-20534.exe
2380	Unicorn-22581.exe
3068	Unicorn-16450.exe
1216	Unicorn-23135.exe
808	Unicorn-61257.exe
1752	Unicorn-53089.exe
1344	Unicorn-37307.exe
2452	Unicorn-12440.exe
1764	Unicorn-26154.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2800	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	30
PID 2216 wrote to memory of 2800	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	30
PID 2216 wrote to memory of 2800	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	30
PID 2216 wrote to memory of 2800	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	30
PID 2800 wrote to memory of 2776	2800	Unicorn-15229.exe	31
PID 2800 wrote to memory of 2776	2800	Unicorn-15229.exe	31
PID 2800 wrote to memory of 2776	2800	Unicorn-15229.exe	31
PID 2800 wrote to memory of 2776	2800	Unicorn-15229.exe	31
PID 2216 wrote to memory of 2704	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	32
PID 2216 wrote to memory of 2704	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	32
PID 2216 wrote to memory of 2704	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	32
PID 2216 wrote to memory of 2704	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	32
PID 2776 wrote to memory of 2692	2776	Unicorn-2074.exe	33
PID 2776 wrote to memory of 2692	2776	Unicorn-2074.exe	33
PID 2776 wrote to memory of 2692	2776	Unicorn-2074.exe	33
PID 2776 wrote to memory of 2692	2776	Unicorn-2074.exe	33
PID 2800 wrote to memory of 2560	2800	Unicorn-15229.exe	34
PID 2800 wrote to memory of 2560	2800	Unicorn-15229.exe	34
PID 2800 wrote to memory of 2560	2800	Unicorn-15229.exe	34
PID 2800 wrote to memory of 2560	2800	Unicorn-15229.exe	34
PID 2704 wrote to memory of 2572	2704	Unicorn-22665.exe	35
PID 2704 wrote to memory of 2572	2704	Unicorn-22665.exe	35
PID 2704 wrote to memory of 2572	2704	Unicorn-22665.exe	35
PID 2704 wrote to memory of 2572	2704	Unicorn-22665.exe	35
PID 2216 wrote to memory of 1528	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	36
PID 2216 wrote to memory of 1528	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	36
PID 2216 wrote to memory of 1528	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	36
PID 2216 wrote to memory of 1528	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	36
PID 2692 wrote to memory of 2512	2692	Unicorn-9015.exe	37
PID 2692 wrote to memory of 2512	2692	Unicorn-9015.exe	37
PID 2692 wrote to memory of 2512	2692	Unicorn-9015.exe	37
PID 2692 wrote to memory of 2512	2692	Unicorn-9015.exe	37
PID 2776 wrote to memory of 2172	2776	Unicorn-2074.exe	38
PID 2776 wrote to memory of 2172	2776	Unicorn-2074.exe	38
PID 2776 wrote to memory of 2172	2776	Unicorn-2074.exe	38
PID 2776 wrote to memory of 2172	2776	Unicorn-2074.exe	38
PID 2560 wrote to memory of 2964	2560	Unicorn-38158.exe	40
PID 2560 wrote to memory of 2964	2560	Unicorn-38158.exe	40
PID 2560 wrote to memory of 2964	2560	Unicorn-38158.exe	40
PID 2560 wrote to memory of 2964	2560	Unicorn-38158.exe	40
PID 2572 wrote to memory of 2212	2572	Unicorn-53940.exe	39
PID 2572 wrote to memory of 2212	2572	Unicorn-53940.exe	39
PID 2572 wrote to memory of 2212	2572	Unicorn-53940.exe	39
PID 2572 wrote to memory of 2212	2572	Unicorn-53940.exe	39
PID 2704 wrote to memory of 2596	2704	Unicorn-22665.exe	41
PID 2704 wrote to memory of 2596	2704	Unicorn-22665.exe	41
PID 2704 wrote to memory of 2596	2704	Unicorn-22665.exe	41
PID 2704 wrote to memory of 2596	2704	Unicorn-22665.exe	41
PID 1528 wrote to memory of 2916	1528	Unicorn-23305.exe	42
PID 1528 wrote to memory of 2916	1528	Unicorn-23305.exe	42
PID 1528 wrote to memory of 2916	1528	Unicorn-23305.exe	42
PID 1528 wrote to memory of 2916	1528	Unicorn-23305.exe	42
PID 2216 wrote to memory of 2748	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	43
PID 2216 wrote to memory of 2748	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	43
PID 2216 wrote to memory of 2748	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	43
PID 2216 wrote to memory of 2748	2216	8cb2d7967ca11f1dde5b24ede35f0b40N.exe	43
PID 2800 wrote to memory of 2444	2800	Unicorn-15229.exe	44
PID 2800 wrote to memory of 2444	2800	Unicorn-15229.exe	44
PID 2800 wrote to memory of 2444	2800	Unicorn-15229.exe	44
PID 2800 wrote to memory of 2444	2800	Unicorn-15229.exe	44
PID 2512 wrote to memory of 2332	2512	Unicorn-61397.exe	45
PID 2512 wrote to memory of 2332	2512	Unicorn-61397.exe	45
PID 2512 wrote to memory of 2332	2512	Unicorn-61397.exe	45
PID 2512 wrote to memory of 2332	2512	Unicorn-61397.exe	45

C:\Users\Admin\AppData\Local\Temp\8cb2d7967ca11f1dde5b24ede35f0b40N.exe
"C:\Users\Admin\AppData\Local\Temp\8cb2d7967ca11f1dde5b24ede35f0b40N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        9⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34692.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        7⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50743.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        7⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        6⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65430.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        6⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        5⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14356.exe
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        7⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-381.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3541.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        5⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        5⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        7⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        6⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        6⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        6⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        7⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        5⤵
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
      4⤵
      PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        5⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62005.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
      4⤵
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47469.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        5⤵
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        5⤵
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
      4⤵
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
      4⤵
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
    3⤵
    PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
    3⤵
    PID:5228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        5⤵
        Executes dropped EXE
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
        6⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        5⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47324.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        7⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        6⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        5⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        5⤵
        
        PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
      4⤵
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        5⤵
        
        PID:6876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 188
        6⤵
        Program crash
        
        PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
      4⤵
      PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
        7⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44391.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52911.exe
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        6⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        6⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        6⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61289.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
        5⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
      4⤵
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51394.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        5⤵
        
        PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
      4⤵
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
    3⤵
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
    3⤵
    PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
    3⤵
    PID:6604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64199.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11250.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
      4⤵
      PID:6612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        5⤵
        
        PID:6884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 188
        6⤵
        Program crash
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
    3⤵
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
      4⤵
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15367.exe
    3⤵
    PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
    3⤵
    PID:6748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        5⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        6⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        6⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43576.exe
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58492.exe
        5⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
      4⤵
      PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38783.exe
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      4⤵
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
      4⤵
      PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27089.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
      4⤵
      PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
    3⤵
    PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
    3⤵
    PID:6180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
    3⤵
    PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
    3⤵
    PID:5684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
    3⤵
    PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
    3⤵
    PID:5144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
  2⤵
  PID:1652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
  2⤵
  PID:3612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
  2⤵
  PID:5000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
  2⤵
  PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
  2⤵
  PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe

Filesize
468KB

MD5
f100fff6892e62b42ff0f9be86ee2bd5

SHA1
240b5e3221912bec331d5e888965c2a64375e4f7

SHA256
9896d9ba9322e55d68e5b4f3182ee8c5d59a1ca28e7c7afd8947398a492c2e25

SHA512
394ad39b6f6077deda44c71c61a07227243084b1761e56188e540a1bfa04d94eb02dc0cd1af068a1e46a53a8dc7016e5246c13e1d69c3c0df81d0c40d9ed63eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe

Filesize
468KB

MD5
f5036c2d969b9dc2b6f266370bf8b65d

SHA1
7c02c5f84c6ac909f1451b65b4684b3187d135cf

SHA256
587a69b578cc6f1d7e201b01dcb54c01e307d460e2afa9f7536557ebdc21b631

SHA512
aa8bbefd4eed40c5fac211bc904c515932669d902a236660cc603a954810d7d4e065da2fc3c114316309fa5f5deab639305088da2abd02e95fafdc1d2badbd7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe

Filesize
468KB

MD5
729905c0fe5674c7a2e6032035420ac5

SHA1
98dbae09ae2384b1bd442e5b2ad7f7b53f0b43fa

SHA256
f386123cd7ebab95fd2028a8cb1462f39d155fe988dcb79804007d1448451338

SHA512
c3e38dbc45bacaadb2449593127a529a2888f4c5bccc6be3c7026fb5ed3dfe7b1c2ebcea330962b50644029e2c968a7a1fb89b378dccb233b44f4ed9dc337045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe

Filesize
468KB

MD5
dd2d7cf1796cb03a0464e1f12f28d0a1

SHA1
2ecb3131109b19f78b8c88f2037bb09d2f5ebdc4

SHA256
68ad9a56dcae89b61421f9469a860c960189c761fda95ea9746b61b38437f5a9

SHA512
6160542e2950d2c58b35ad0ee2cc9a3ce79b3ecfc3f8c8aeb1230f5450dccfbce970d5afeb9cb4a4bdc2cda61f60571c888999e84263ab622d6552c575af0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe

Filesize
468KB

MD5
60044294f197171fdb086ef98173c2c0

SHA1
df8923f1a7a635664b2cbad23ba4b88a18b3b364

SHA256
ae9b0c4f5bb178c1b9dbe718930b1d7349a750e72806b26a18d240b4e628f005

SHA512
c8823f744f7ab1d7ceba14a1965d9146a23b96076cbdbedb55f3268628e3415602180fe59ffb0952e387b96d4c1e9b0896a0faf2cefcece04628279cc205adf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe

Filesize
468KB

MD5
a6933bcd8402ca725e9ee4f676d22a8b

SHA1
6c226892e2aaa9186301624a415b0406ae502e95

SHA256
6bbe11c654f5e228621816afb268a114e33c914d2c2b75f63278845f6cb6eb20

SHA512
0f6cf584fab249cf57c8b700617b0d68cbc84b7b1f139e962a4bc350aedf19f1b79e42b013db3cee554cff636a60f008dcbb9be1b8fb607f828040f861e0ae87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe

Filesize
468KB

MD5
ea9a6be945c57bb1fb846f7d5d92c47d

SHA1
c210ab5674ac084ac355c7871c480095b252301b

SHA256
74b8e3895e32ee7a7b7c02de8401a7b98317cc52e61e71f42bcc5e54ed5101d3

SHA512
992f990fba8e92a0385c0dd2f7b7dc75ab5db5cc60b2415c4ddd7897d9a96bcddd295ff82ee97a7ef193379c96cce36eff38af0ef89e9be50690bfe892ed92bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe

Filesize
468KB

MD5
29469f175103bce5a04672017cffdd06

SHA1
8d6e5c3689c4c94583f09ebb8850ec4b66fe6bc2

SHA256
621a304c7c7b310cb0c56c856d90fc57c43f93ac1b2f16c8334b853e1412707f

SHA512
6702a8353a9111700c001c4a747c2c52a4bcc7d23c86567641c1eeda36356461a47a1b916017ea67e806050d22c0ad67241195a7ece51e80cc5004d73cedeff8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe

Filesize
468KB

MD5
16b748364711d3661232d2ea553774d6

SHA1
7665b3706a349633b643d089784f0e2933bb42d1

SHA256
96eb782be73164cd974be3f94e60f9d3b84b0beb60a392ed8ae19eaddd9c89a1

SHA512
b3c1e5c7376a4ac7df024d7dc312ba092c3bacd8d1c3885c882534f746529f1bae28be9c7ab254ed220782ee6573a3e1a3d2fcfd7ea544604db4b63e7c79398c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe

Filesize
468KB

MD5
2672d116b638dbd3fd279ce4bc92b9b5

SHA1
643066b57f59dcc1e07a9b3a7f6dfd294914d0bb

SHA256
b362e92d1fe8949e8357c6c6ae8339708ed64a2f2844d9642ea466a4bb88aeee

SHA512
05d2b08c67d0e4c43a405a76a4d83993b4329249ef458fa4a99ea1427cb98f83a6b10dbe575330a8714ad90f675e399cdfab2fd3d7710526af61e38a7925f9f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe

Filesize
468KB

MD5
ed6608bd8ca9953270aabda2b9917a65

SHA1
c90dd968505956f74c247980619a2f9eb73617f1

SHA256
a3db43349f4352a2b33833cdc1b9e8a56ecaff4a73fd50ba8a46948219c05ff5

SHA512
5080bc841ae9b2d759d8dcb84f2df935a863c0dead589febff7e6e11e8ca5ada543c0e8906cfde34791347102da0ce8ab63e50100fc1681fa3282075f4f7674d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe

Filesize
468KB

MD5
d4648c6429d649bf4abbcd7d932f6b06

SHA1
1240bf588838df4d9423fb4c5a10537f91ffbf9d

SHA256
742837be5603a4f01f68f900681ec53dad808557e6ee0500f36e0e4e63b9766d

SHA512
a04075e29612b356672d44c42019a1e8e7f014ea0cf77a600164faf6e09b1c0d97c9f4097e13e09ff9cb892ee707d3d094fc249f2d45d36699b4cb0cd9f76f14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe

Filesize
468KB

MD5
0a18bf3cb414647d17c965748310df98

SHA1
2de489ca457499fcbb87226be5fc622fa28919d4

SHA256
149a19712bfb0163585b752e56ab463bc9bb9781d769bf7b585e0092d03d6e2e

SHA512
c0655ff0c9109719721906d8e388ba8a974ac912ed5ffd1b8fd2ca77cb708a4e53add16154cd08df8a73d1057077789761444472f20f60d57e440a307aac0a61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe

Filesize
468KB

MD5
8370b9b1699838454bcdcd142536c658

SHA1
57703e5b964a383ff37da501041369268aded1c7

SHA256
1a5d1db661946c02b8862962b4d6bbd2365320f7242e2228c78d1b4744732cc2

SHA512
658ea610aebc17d6fc0d3effaaa0a96508ae2417638eea4c52fc7eee33a191646edf3c2b2365ecf3e881c0cda4e637de8fd39a91baa3e75bfdec738255e1e7d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe

Filesize
468KB

MD5
a07c06991821b7e61e79183c35df2fca

SHA1
6d2c827540e12e354f33c6f0e48c4850d2f40480

SHA256
18d6e21cb9d98d335541354b13411592f16050ec57819087da43067c3ab2853b

SHA512
5a7ee458481bf0762b47e7a4c3e0969e6b2b756a21e991a6bab7c7bbc50f588799659ff690c1eae595fcf5303549842827a71e3f5a7930be9ba9ed06271b57b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe

Filesize
468KB

MD5
1050682ab6f92ea2e2b044f3533e78a8

SHA1
beda2aaf5c42417db10043a2d169d5fe4c5f8632

SHA256
58764677e7f67c6a8739f7b0216c5a4f9b54aae1422e555c8d0c4b86f785f8b0

SHA512
8f06c70aaa5c301777b047cb37c7475989ebf78251e7cceb4d96a0d7a5659f608610d906b6008195624304f473685936204eec0753f7c2e7ac5c0b477cf1e76d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe

Filesize
468KB

MD5
ba40d581a5f5f985bd89ac9eb5e39c2b

SHA1
588cf658daccb73eda027e1e41732ca81ce69a9e

SHA256
4e66d6fec96a31b658e2d1f8ddbdba1807c923fa223be4ab25e4003a88b499ae

SHA512
c668073d80b169dcef7ca90a30bf7043d2fa973e67dae179861c6cd06f61803596b21b9f215b61147d209509df3a92d95295a3c03fd8f5656fcdf828ee6c806e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe

Filesize
468KB

MD5
0ed1d884ad0f5a9671701e6285db7266

SHA1
f582c23c16b81ea6627537b5af7c329c57c38851

SHA256
ee509a6a02785750d740116afe358715261d707327bad8581d0bb0df5e733aec

SHA512
a16d9350f33fb9598b1df69e792d913cea12d299a81d3eaec511ca5d3aeffd4ecdf59aef6b71042950c4a14c0f751670a2909730da551e398475378a6582eafc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe

Filesize
468KB

MD5
4b88d6059ad871991395c26c3422684a

SHA1
b1b827fc0943dae5f962dff1b09e940421d90a56

SHA256
ace5a549ae99d1172bae151445e84a4ad5dd3de0861f27a84b37b1432b807bfb

SHA512
fc8260ec6b5899901ffcefed0ab1770b8d599256b8008ed2fab4d5700486953da98d99293ebe3958265fbe3fe91921a4fb8f64b36fe1a4173c0563f7cdb3bd28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe

Filesize
468KB

MD5
872a5ebb5e7197347e7f90659345e855

SHA1
be2fe536ca0883321c8999df89df04ac22bc577e

SHA256
047c40f183c45ac8e84d7d8692aee670320640092ac6d925f6985a7fdec407e8

SHA512
99f19e1da3485f3c950e20a51b4854a279d1fa65edb023d9313214f224a1a5141974b6ee7ae186f1b90bc1ff5666678c9b0c35b59fcad0779d82edd01874ab2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe

Filesize
468KB

MD5
7f8ac4637a901b011b4a17ce0af12801

SHA1
2d80ecbb352241683da1b3f7c0ccaf4325cce6de

SHA256
1088c71f8495c7b937e9db4cf9ee05e2b6caa7d90367d2850b8623a147e415c9

SHA512
714c6fbaf7531c87d814dda19f12383607098200bbaf647e0dd973922828b8fc8ae706463add57eb23669c0c7415339ce6144ff482015b66100744856e926124

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe

Filesize
468KB

MD5
9018689887f0c9865a79a38bdfb8294b

SHA1
99e0737cd5a51dc2b47dc1d3f9b2b47c934e13b5

SHA256
116083c78e208bf51310e9ec0de54d36624c1967f65cc9d5621a81798205f1fd

SHA512
8b12b941844ae9d6d0778243c382f97dc4f360ec9d4788adbf2bb8b33e50a32f849c5d02da9228798d1a60c80d74749508802b139263a8fe25248ca396bf2d88

Download Submit