7c506cb46333e47e50ab973013075328bf54dae1f77e30d7fe2a78632dd301f0

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f3b75fe12687f3dd51a01fb33d3b120N.exe
Size

468KB
MD5

2f3b75fe12687f3dd51a01fb33d3b120
SHA1

233b4396a7662ea4e66af928c99dff847cb5ea33
SHA256

7c506cb46333e47e50ab973013075328bf54dae1f77e30d7fe2a78632dd301f0
SHA512

705734899d94437919caf792ea5e03f2bcf88a37945eb27f507975d87843cb0606ee9c16836eac5e5baf112270713ec0f1c48c295786b119d7bdf9c821a5fea7
SSDEEP

3072:MbyUoQOdI05H6bYJPzHjJf8/J9sS1qplnmHexV3yJaz8CNIHyblv:MbNoG8H6OPzjJfYCj2JagKIHy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2000	Unicorn-30307.exe
1908	Unicorn-33627.exe
2040	Unicorn-54562.exe
2680	Unicorn-17329.exe
2736	Unicorn-29537.exe
2828	Unicorn-3872.exe
2840	Unicorn-151.exe
2600	Unicorn-43587.exe
2088	Unicorn-39673.exe
2196	Unicorn-26675.exe
768	Unicorn-55818.exe
1068	Unicorn-3632.exe
1856	Unicorn-26291.exe
1328	Unicorn-9497.exe
1848	Unicorn-7518.exe
1752	Unicorn-35592.exe
2628	Unicorn-17532.exe
2052	Unicorn-35016.exe
2204	Unicorn-54690.exe
760	Unicorn-51248.exe
580	Unicorn-24130.exe
1940	Unicorn-53273.exe
1036	Unicorn-7601.exe
1016	Unicorn-22869.exe
1748	Unicorn-22604.exe
1324	Unicorn-3880.exe
740	Unicorn-46419.exe
2312	Unicorn-64446.exe
2368	Unicorn-10455.exe
2320	Unicorn-30129.exe
2272	Unicorn-52059.exe
1728	Unicorn-20529.exe
2104	Unicorn-62338.exe
1996	Unicorn-51940.exe
1740	Unicorn-48219.exe
2168	Unicorn-61954.exe
1680	Unicorn-36289.exe
1712	Unicorn-47835.exe
2348	Unicorn-37524.exe
2864	Unicorn-35806.exe
2728	Unicorn-16205.exe
2220	Unicorn-19543.exe
2820	Unicorn-14289.exe
2652	Unicorn-35687.exe
3044	Unicorn-3891.exe
1528	Unicorn-12916.exe
1660	Unicorn-1981.exe
2004	Unicorn-21847.exe
1072	Unicorn-12333.exe
888	Unicorn-17933.exe
1924	Unicorn-37799.exe
1392	Unicorn-47621.exe
1360	Unicorn-42672.exe
2440	Unicorn-55479.exe
2452	Unicorn-58816.exe
2448	Unicorn-6365.exe
1716	Unicorn-45168.exe
832	Unicorn-40185.exe
836	Unicorn-11727.exe
2044	Unicorn-36704.exe
1084	Unicorn-45370.exe
1696	Unicorn-25769.exe
560	Unicorn-12770.exe
2424	Unicorn-41529.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2000	Unicorn-30307.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2000	Unicorn-30307.exe
1908	Unicorn-33627.exe
1908	Unicorn-33627.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2040	Unicorn-54562.exe
2040	Unicorn-54562.exe
2000	Unicorn-30307.exe
2000	Unicorn-30307.exe
2680	Unicorn-17329.exe
2680	Unicorn-17329.exe
2828	Unicorn-3872.exe
2828	Unicorn-3872.exe
2040	Unicorn-54562.exe
2040	Unicorn-54562.exe
2840	Unicorn-151.exe
2840	Unicorn-151.exe
2000	Unicorn-30307.exe
2000	Unicorn-30307.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2600	Unicorn-43587.exe
2600	Unicorn-43587.exe
2680	Unicorn-17329.exe
2680	Unicorn-17329.exe
1908	Unicorn-33627.exe
1908	Unicorn-33627.exe
2736	Unicorn-29537.exe
2736	Unicorn-29537.exe
768	Unicorn-55818.exe
768	Unicorn-55818.exe
2040	Unicorn-54562.exe
2040	Unicorn-54562.exe
1068	Unicorn-3632.exe
1068	Unicorn-3632.exe
2828	Unicorn-3872.exe
1856	Unicorn-26291.exe
2828	Unicorn-3872.exe
1856	Unicorn-26291.exe
2000	Unicorn-30307.exe
1328	Unicorn-9497.exe
2000	Unicorn-30307.exe
1328	Unicorn-9497.exe
2840	Unicorn-151.exe
2840	Unicorn-151.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
1848	Unicorn-7518.exe
1848	Unicorn-7518.exe
2600	Unicorn-43587.exe
2600	Unicorn-43587.exe
2628	Unicorn-17532.exe
2628	Unicorn-17532.exe
1908	Unicorn-33627.exe
1908	Unicorn-33627.exe
1752	Unicorn-35592.exe
1752	Unicorn-35592.exe
2680	Unicorn-17329.exe
2680	Unicorn-17329.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1864	560	WerFault.exe	93
4720	2704	WerFault.exe	180
7528	6788	WerFault.exe	604

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25901.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe
2000	Unicorn-30307.exe
1908	Unicorn-33627.exe
2040	Unicorn-54562.exe
2680	Unicorn-17329.exe
2828	Unicorn-3872.exe
2840	Unicorn-151.exe
2736	Unicorn-29537.exe
2600	Unicorn-43587.exe
2196	Unicorn-26675.exe
768	Unicorn-55818.exe
1856	Unicorn-26291.exe
1068	Unicorn-3632.exe
1328	Unicorn-9497.exe
1848	Unicorn-7518.exe
1752	Unicorn-35592.exe
2628	Unicorn-17532.exe
2052	Unicorn-35016.exe
2204	Unicorn-54690.exe
760	Unicorn-51248.exe
580	Unicorn-24130.exe
1016	Unicorn-22869.exe
1940	Unicorn-53273.exe
1748	Unicorn-22604.exe
1036	Unicorn-7601.exe
1324	Unicorn-3880.exe
740	Unicorn-46419.exe
2312	Unicorn-64446.exe
2368	Unicorn-10455.exe
2320	Unicorn-30129.exe
2272	Unicorn-52059.exe
2104	Unicorn-62338.exe
1728	Unicorn-20529.exe
1996	Unicorn-51940.exe
1740	Unicorn-48219.exe
2168	Unicorn-61954.exe
1680	Unicorn-36289.exe
1712	Unicorn-47835.exe
2348	Unicorn-37524.exe
2864	Unicorn-35806.exe
2728	Unicorn-16205.exe
2220	Unicorn-19543.exe
2820	Unicorn-14289.exe
2652	Unicorn-35687.exe
3044	Unicorn-3891.exe
1528	Unicorn-12916.exe
1660	Unicorn-1981.exe
2004	Unicorn-21847.exe
1072	Unicorn-12333.exe
1924	Unicorn-37799.exe
888	Unicorn-17933.exe
1392	Unicorn-47621.exe
1360	Unicorn-42672.exe
2440	Unicorn-55479.exe
2452	Unicorn-58816.exe
1716	Unicorn-45168.exe
2448	Unicorn-6365.exe
832	Unicorn-40185.exe
836	Unicorn-11727.exe
1696	Unicorn-25769.exe
2044	Unicorn-36704.exe
560	Unicorn-12770.exe
1084	Unicorn-45370.exe
2424	Unicorn-41529.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2000	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	30
PID 2356 wrote to memory of 2000	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	30
PID 2356 wrote to memory of 2000	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	30
PID 2356 wrote to memory of 2000	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	30
PID 2356 wrote to memory of 1908	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	32
PID 2356 wrote to memory of 1908	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	32
PID 2356 wrote to memory of 1908	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	32
PID 2356 wrote to memory of 1908	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	32
PID 2000 wrote to memory of 2040	2000	Unicorn-30307.exe	31
PID 2000 wrote to memory of 2040	2000	Unicorn-30307.exe	31
PID 2000 wrote to memory of 2040	2000	Unicorn-30307.exe	31
PID 2000 wrote to memory of 2040	2000	Unicorn-30307.exe	31
PID 1908 wrote to memory of 2680	1908	Unicorn-33627.exe	33
PID 1908 wrote to memory of 2680	1908	Unicorn-33627.exe	33
PID 1908 wrote to memory of 2680	1908	Unicorn-33627.exe	33
PID 1908 wrote to memory of 2680	1908	Unicorn-33627.exe	33
PID 2356 wrote to memory of 2736	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	34
PID 2356 wrote to memory of 2736	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	34
PID 2356 wrote to memory of 2736	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	34
PID 2356 wrote to memory of 2736	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	34
PID 2040 wrote to memory of 2828	2040	Unicorn-54562.exe	35
PID 2040 wrote to memory of 2828	2040	Unicorn-54562.exe	35
PID 2040 wrote to memory of 2828	2040	Unicorn-54562.exe	35
PID 2040 wrote to memory of 2828	2040	Unicorn-54562.exe	35
PID 2000 wrote to memory of 2840	2000	Unicorn-30307.exe	36
PID 2000 wrote to memory of 2840	2000	Unicorn-30307.exe	36
PID 2000 wrote to memory of 2840	2000	Unicorn-30307.exe	36
PID 2000 wrote to memory of 2840	2000	Unicorn-30307.exe	36
PID 2680 wrote to memory of 2600	2680	Unicorn-17329.exe	38
PID 2680 wrote to memory of 2600	2680	Unicorn-17329.exe	38
PID 2680 wrote to memory of 2600	2680	Unicorn-17329.exe	38
PID 2680 wrote to memory of 2600	2680	Unicorn-17329.exe	38
PID 2828 wrote to memory of 2196	2828	Unicorn-3872.exe	40
PID 2828 wrote to memory of 2196	2828	Unicorn-3872.exe	40
PID 2828 wrote to memory of 2196	2828	Unicorn-3872.exe	40
PID 2828 wrote to memory of 2196	2828	Unicorn-3872.exe	40
PID 2040 wrote to memory of 768	2040	Unicorn-54562.exe	41
PID 2040 wrote to memory of 768	2040	Unicorn-54562.exe	41
PID 2040 wrote to memory of 768	2040	Unicorn-54562.exe	41
PID 2040 wrote to memory of 768	2040	Unicorn-54562.exe	41
PID 2840 wrote to memory of 1856	2840	Unicorn-151.exe	42
PID 2840 wrote to memory of 1856	2840	Unicorn-151.exe	42
PID 2840 wrote to memory of 1856	2840	Unicorn-151.exe	42
PID 2840 wrote to memory of 1856	2840	Unicorn-151.exe	42
PID 2000 wrote to memory of 1068	2000	Unicorn-30307.exe	43
PID 2000 wrote to memory of 1068	2000	Unicorn-30307.exe	43
PID 2000 wrote to memory of 1068	2000	Unicorn-30307.exe	43
PID 2000 wrote to memory of 1068	2000	Unicorn-30307.exe	43
PID 2356 wrote to memory of 1328	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	44
PID 2356 wrote to memory of 1328	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	44
PID 2356 wrote to memory of 1328	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	44
PID 2356 wrote to memory of 1328	2356	2f3b75fe12687f3dd51a01fb33d3b120N.exe	44
PID 2600 wrote to memory of 1848	2600	Unicorn-43587.exe	45
PID 2600 wrote to memory of 1848	2600	Unicorn-43587.exe	45
PID 2600 wrote to memory of 1848	2600	Unicorn-43587.exe	45
PID 2600 wrote to memory of 1848	2600	Unicorn-43587.exe	45
PID 2680 wrote to memory of 1752	2680	Unicorn-17329.exe	46
PID 2680 wrote to memory of 1752	2680	Unicorn-17329.exe	46
PID 2680 wrote to memory of 1752	2680	Unicorn-17329.exe	46
PID 2680 wrote to memory of 1752	2680	Unicorn-17329.exe	46
PID 1908 wrote to memory of 2628	1908	Unicorn-33627.exe	47
PID 1908 wrote to memory of 2628	1908	Unicorn-33627.exe	47
PID 1908 wrote to memory of 2628	1908	Unicorn-33627.exe	47
PID 1908 wrote to memory of 2628	1908	Unicorn-33627.exe	47

C:\Users\Admin\AppData\Local\Temp\2f3b75fe12687f3dd51a01fb33d3b120N.exe
"C:\Users\Admin\AppData\Local\Temp\2f3b75fe12687f3dd51a01fb33d3b120N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
        10⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        9⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        7⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        7⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        7⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        6⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        7⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        6⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        7⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        6⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        6⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 200
        7⤵
        Program crash
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        6⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        6⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        6⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        5⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5062.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        8⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        7⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        6⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        5⤵
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        5⤵
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      4⤵
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        5⤵
        
        PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30173.exe
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
      4⤵
      PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      4⤵
      PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
      4⤵
      PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12162.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        7⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        7⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        5⤵
        
        PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        6⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        6⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        5⤵
        
        PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      4⤵
      PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48610.exe
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        7⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        6⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        6⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        5⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        5⤵
        
        PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        7⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        7⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        6⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        6⤵
        
        PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        5⤵
        
        PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41032.exe
      4⤵
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
      4⤵
      PID:8588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        5⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        5⤵
        
        PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        6⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
      4⤵
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
      4⤵
      PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      4⤵
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      4⤵
      PID:7564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        5⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
      4⤵
      PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
      4⤵
      PID:8728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
    3⤵
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        5⤵
        
        PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
      4⤵
      PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      4⤵
      PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      4⤵
      PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
    3⤵
    PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
      4⤵
      PID:8936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
    3⤵
    PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
    3⤵
    PID:6744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
    3⤵
    PID:7472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
    3⤵
    PID:8632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        9⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54528.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        7⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        6⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        6⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        5⤵
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45858.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        7⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
        7⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56158.exe
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        6⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        6⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        5⤵
        
        PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
      4⤵
      PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
      4⤵
      PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
    3⤵
    - Executes dropped EXE
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        6⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        5⤵
        
        PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30178.exe
        6⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12481.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        5⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        5⤵
        
        PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
      4⤵
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        5⤵
        
        PID:6788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 188
        6⤵
        Program crash
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        5⤵
        
        PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      4⤵
      PID:7944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        5⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      4⤵
      PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
      4⤵
      PID:8340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
        5⤵
        
        PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
      4⤵
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
      4⤵
      PID:9012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
    3⤵
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
      4⤵
      PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      4⤵
      PID:8504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
      4⤵
      PID:8384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    3⤵
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
    3⤵
    PID:7884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
    3⤵
    PID:8908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        6⤵
        Program crash
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        5⤵
        
        PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
      4⤵
      PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
      4⤵
      PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
      4⤵
      PID:8272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        5⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        5⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
      4⤵
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
      4⤵
      PID:7732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
    3⤵
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      4⤵
      PID:8152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
    3⤵
    PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
    3⤵
    PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
    3⤵
    PID:6732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
    3⤵
    PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
    3⤵
    PID:8196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        7⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        6⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
      4⤵
      PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
      4⤵
      PID:8916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        5⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        5⤵
        
        PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
      4⤵
      PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
    3⤵
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
      4⤵
      PID:8820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
    3⤵
    PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
    3⤵
    PID:7984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
    3⤵
    PID:9120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
    3⤵
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
      4⤵
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
      4⤵
      PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      4⤵
      PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
    3⤵
    PID:7640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
    3⤵
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      4⤵
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8496.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
      4⤵
      PID:8480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
    3⤵
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      4⤵
      PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
      4⤵
      PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42099.exe
      4⤵
      PID:8408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
    3⤵
    PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    3⤵
    PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
    3⤵
    PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
    3⤵
    PID:7244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
    3⤵
    PID:8368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
  2⤵
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
    3⤵
    PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25623.exe
    3⤵
    PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
    3⤵
    PID:7456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
    3⤵
    PID:7808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7618.exe
  2⤵
  PID:3392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
  2⤵
  PID:4920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
  2⤵
  PID:5592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
  2⤵
  PID:6032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
  2⤵
  PID:7772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
  2⤵
  PID:9000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe

Filesize
468KB

MD5
5f5f7aee4d3e35f4abe1d20eee0f4aa2

SHA1
2abfee73469a1f3e51cf9c91ab9c5688cf4f1e75

SHA256
483db66ad3df50c6d557934ed19e4d2f9a13f6154279ff1c92d3246bd3165875

SHA512
fd7efacffe83c367c040de09e81bd2add098e487ff6fa1111cb9b48ad6e59ef5f1c4624cc4b575fc7b32f97cdc86c4b1eb402b30879036ab70bbc6c1815998e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe

Filesize
468KB

MD5
273bd61ecfcf67e0519819f67b6f0fb1

SHA1
751b056d01b6c64d0879f5047f044b5fe0f5e7d4

SHA256
c481b656777a5273a76f831831798b497ae6e8e8bb59984010a338dc99834808

SHA512
4b3094441c73cdb40454d577c2d77f262daccc8ada1feca559ae734c945a2f38ef29e91d2fe00aff9225aaf90c43a3e05982bab3c7297ef1f1265120be4cb7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe

Filesize
468KB

MD5
34d6178374c8ae605e102d8d0bf392f4

SHA1
28c871115d38e17c98251289c2354ffe65a85b3b

SHA256
a49adff6b20519f0d02fff2fd6cd782c6cbc12b3d0ce55c9672c6907515ab47a

SHA512
680e63f9f9e08382b21171acfe64e75860c04b89dc841ebaa256d9576dd4c3305f510b93f7653c42aa91d08b5d185cd27c4ea6e4f18a0334b0e7b87e91df7704

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe

Filesize
468KB

MD5
5081644b6a40f95fbc94775ed23ad85b

SHA1
afffe1f68eab7e528f46a50ac678055c15b33e62

SHA256
4259db747acf86aee1380d5dc3d6ce052e3067eedda6d93b758340ab227c410f

SHA512
76935776ef7552da766e120ed97a6fe0dd8f1a3613e51497e5ac40dafb1bc026115099cabb2665e7f9a4c1879309e3e9bef8a3f2fd25e4b303d395ed05fa4c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe

Filesize
468KB

MD5
03d432ad462cf1a485d67926c1b200a0

SHA1
294f4b3ae8ec2229a45b0965d4b37e8eafa356c5

SHA256
073b1fa5c886af6b8a4b00fcae96548986666f0b18c655fb0b33a2ac21f8c7ce

SHA512
66493a385c6d4334ee81203df7b1118af35cc2f1b4531a1d9ac28a8c540a8719084dc003cc035de113017f21764c8513a7021ce0dea8e99a327b0f7ac024c242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe

Filesize
468KB

MD5
676da4c2978aa925af0b8827bb7e5366

SHA1
80a90d3107e392ed4556e52096613098588103c9

SHA256
9c20ad5062e7ceb0a709692d7bba0e3959d0c7fa26db6a2a7ee163240d958722

SHA512
b89b87f19b13fb57830eec133bf6e8515ca621172ad6011761db65eba71afc63364c93ee0f7cd52b402c68989464a07e89e14e20a8a0a95d74a9a9b265d1a872

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe

Filesize
468KB

MD5
a44aec687030f1d12f7c530c340e0d53

SHA1
242ff38a57a3491ecc50e956b1a3375e75ee3103

SHA256
ad46a07d7fc13d067001a384f756ddf80a831002b35468cf9a34befa7fad21e7

SHA512
01e70fee8b0e3a89afeebe3fe2c9f5c0e8b58da70c024eb0d2ebef02ffe81a8f9f2c8b451e7a2612a17b5e700557f3bc9a593b813772babd1b083e17d444d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe

Filesize
468KB

MD5
da3d3dcdb713589cbe368305d4c93230

SHA1
20f8a1e1c32e73506e8d4e8a6d26e5fa2a1638a6

SHA256
d79891ed1c067db90a82c26aefaf7d9978e7b6b01318194763c191eb2af65ea0

SHA512
366cf4616f48eeeb93f2b4c30d9abe54f7cb5139c9e31428fd3240170ed1de3714503a224587447516397967116fcb77ea5bd8e5cecb12e48d54b97cceea5da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe

Filesize
468KB

MD5
377dba1e63eb7ff301ce180096c18d56

SHA1
31cc11457686fdd8828e6c07cfda3df6e7ca5298

SHA256
eb6cdf8f4689d5c4c285c4a1517670428f78bfe3c4d2e411d670391f211f43e4

SHA512
eef0c2b7924aad526210ceb25974b0ebbc409878f4c1344688173684359a2544653ed2c8ac69f85ea8fbcb012f3aa1914718c110439c5d4b701d9ac1e92f041d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe

Filesize
468KB

MD5
430166a79c74fdc7a257459a25dcc642

SHA1
270a2a22e8bf535fe192e7a70b73fa67fea89cf6

SHA256
8db7600516a01e8e900dc71accedcc9ad63996919b0ffe5c2ead9b43fd544be2

SHA512
2a06326015284cc6800b79a919ef85328de0dd717428d4dcce980477f82dd7edb41361e0467686a7c6d418c5c2b99b1b711c93d65ea77e7602bb046da0744cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe

Filesize
468KB

MD5
7c8f39ec8b0890d0d562d26d1f1653a9

SHA1
de05d859fa222026adca815cd9e3098b1068397d

SHA256
e5c2abe2d808893f95f2a91d807d589dcce2837cae54c0a149993d17fb5289b5

SHA512
c29a862f34002e9cde7699391a5c706230eb3e74f39a1903da5a566c897deeef4b3d3fc096ed6ad098ea9ccd2c3f567b3d27b0b310f48e9ff107502c85b6a910

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe

Filesize
468KB

MD5
426b399685188691eb630deaedde4d71

SHA1
ed8f7abf2a87a59fac85de567ed64997fa6a0848

SHA256
ff10226ab46a61fe2adb0a674d979fa46ba0766be62c6d17b3ab1dd4784b138b

SHA512
0f7a72a36d8c8bd2aa2c9b9ac3cf969bd591f43a01435da1e32da6ff714c338728a2d98c6d494953c0eadd57357ff2d1b2ace22c0f9fd09a19113924935897f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe

Filesize
468KB

MD5
1b363d210043b17196783dc362d05b15

SHA1
4b8e3fc97e1755da2fad9da1885c8844955e04a9

SHA256
53c3fbf25ee7a5fe89f8f80edef4a4db62f1e65b4f9e2e62b335750e64a39108

SHA512
c298ca059fa953c6696f3ee026fe526085e89e8cff5e75912abce218b83f5c966947ab648c1d66dff265c01fd2f7114453b8556d58e39565039d3001b24d489f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-151.exe

Filesize
468KB

MD5
55c7bb49cce8c921face9d7c43531d7f

SHA1
9e23195a55e67ae8660617886329262dc02631df

SHA256
63c8bcf1c36f6f3de662dfc1839f796d8c8232d817c809c5c33041e6f6b9af1b

SHA512
293243ab4ded98d78a865e34ab769b4a31f74f2c39cdc4f47a50cf4bf011ede103071e000d4ea3e9c43a1820884e38d620a77de6c4d3dc55be2806bd52aaab11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe

Filesize
468KB

MD5
c27eb37fc65e169dffd382127dbb8787

SHA1
c41037114efa1c717153d79c0f72deb54c197625

SHA256
d06badb86070ed2ea8c35fb9be5fea3102c2150e52abca126b6ab978ef505f4c

SHA512
4350dd9b43d631196a93e6097f7e656da4dd2b2f64af434811ce38e3587e4c4de5f9464e32b09c156ff725448d2d388ed4ce6d4f51bd7f2e19b6aa8cbfd44a97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe

Filesize
468KB

MD5
e18e445a232ae3a45c0aa8e7975a08a7

SHA1
9e4c4dbdca68b037be6807413dde309d9ebdd2ac

SHA256
c0ce04f604a2dee6290d3a4186eda272d128ce2482645899c2aec1e5cf954ade

SHA512
f1e295c900ad2c6a8cd7fdaee4130af2c82415d1d71aac19db8fc81151b8cd03ec91ec45366ff02fbd8eab2bf855f920de6b592b0c078499bcc77f4147a2ea34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe

Filesize
468KB

MD5
d869fc05f23b807c2c3dfd8ca4365efb

SHA1
a77438795055c846cb54309ef36a41841fd1fb21

SHA256
fb7713b86dbc28f76153a05c145d43721fb224f253a1f6896759d805197a06a5

SHA512
ba0fab732980cfe0fee5043ebea41979ae849f55b815a088c960592a63a806c8ffbf1c3dcc8c6b8c9e51eec713c8abba725cc2292dd3c4aec7b12ff0c854253f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe

Filesize
468KB

MD5
0c9b5f30c8b1a8408b621496129df103

SHA1
48f182683323c0b42398f3ddebf6c61200b1ca92

SHA256
b349d122c51ee810ab3594fd008d4ae5837733fdf9c95419b89acb09d5804c45

SHA512
a4187f842d8c53052df9a08fb5971a7156f60f8899797865d357ba83f7eb448b600002be11a33a9831a3590a41717869024ed523b413db3f6da60b41011424d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe

Filesize
468KB

MD5
74a4b2d41b2901d0430dbfba8c7b8d52

SHA1
440f0296c5f9f657e84087b1997d250fd299a3cd

SHA256
46232960bee83bbdb9830eaf6bffd3035ea66f37911ec94c1cd6569ad915427e

SHA512
c6795c319f5f1a56c1c6a1ec05b3eeca08aff25bf1efa6f786449c3deb75f4b03f84087037d16b67a6c7a0a0e377a591c240eacd13ff8747aadc0e552661461a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe

Filesize
468KB

MD5
cea4936f472c5480c967c1513982c26d

SHA1
23816e601eb90d0d1993f97e08fc24f927622461

SHA256
8372535a92c22138ffdd9d00cedd17272970b0c7c7dc8bed1a7dd09d047d56bf

SHA512
e8667f38d0f0cfe1635febe799fdf64d64d79be8e134d7506a2e87354fee13d977eaba889795c743fbe0dc8846007ab3422351270e880483a876a709d34df08d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe

Filesize
468KB

MD5
357815c5e85d0e8364178eabc5769218

SHA1
9923da213dbf22eac2ef1f2b993fe757b9e682c2

SHA256
bb4365fc127d364a9bb640f4f7a6ce3bacbf77ac18b2fdabba3c286bc2cafea9

SHA512
5ede5775ac4f4c722e674946534a76b4ca04d7d0f7a4173f30e324d68e8ab9c4d6781c21eb616ad3b8d79361ee4abacc1606eec5c466a1d8fb5db2f2f59acd92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe

Filesize
468KB

MD5
6f095934118ebe09f882dea2f972d4a0

SHA1
9fc03dd6a60d410b7df60d31d1fdffb8682b2524

SHA256
d016825452a9e8b9e2111da633439c144a113ee9d373122cbd2d5fc2d6edc263

SHA512
1a5331dfee24f1c7cb8cca21aa583774e613e3dc1e4c1d9e41c12496ebc1473864707ce47f397548178a64021d849d354fc03d1c8d3b63503a2959900189a52c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe

Filesize
468KB

MD5
6031c1cf1cd603570a5dd86c9be625e1

SHA1
6b79e259fccb33757cba59d3b87e66bbab11a479

SHA256
26324abd854b076c51f0414796612e350366f9385e2ff32d51b5c0b4504aabc2

SHA512
f6bedaa24d8d8425026dd886eac59d86267b419b41eab86d33447f8eebc3aded78908ddb297655455d380e994ae2a6465f3ec7e2b8f43c40a38f6ea5293fd67c

Download Submit