347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
Size

184KB
MD5

6ba6ddb69283ce408d054634f1899390
SHA1

b5c99fb0b7bbacd79af3e1d0c420fba981c78d85
SHA256

347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2
SHA512

8484d97116338a9e512e12eb4ffbe7dd4d372ebfcf170e4a90539b8dec05233ce72e1dd4eb309314cd485368eb003dc21bcd4ecfa0c2f35cbca6e601795824a4
SSDEEP

3072:dmk9ZToHMaSCpOdgkig/8U2arlvhqnxFuN:dmcokqOdX8varl5qnxFu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2764	Unicorn-35764.exe
2100	Unicorn-26203.exe
2096	Unicorn-55730.exe
2856	Unicorn-50074.exe
2604	Unicorn-16333.exe
2488	Unicorn-62881.exe
1660	Unicorn-51963.exe
2472	Unicorn-37537.exe
2208	Unicorn-38580.exe
1640	Unicorn-56177.exe
2792	Unicorn-2570.exe
2404	Unicorn-59291.exe
2804	Unicorn-60360.exe
1980	Unicorn-22513.exe
760	Unicorn-51974.exe
1716	Unicorn-8097.exe
2280	Unicorn-27963.exe
2116	Unicorn-57106.exe
2064	Unicorn-49649.exe
2268	Unicorn-36650.exe
1696	Unicorn-20314.exe
748	Unicorn-32544.exe
1008	Unicorn-49265.exe
2360	Unicorn-18669.exe
1536	Unicorn-63956.exe
2888	Unicorn-51149.exe
1808	Unicorn-41357.exe
1532	Unicorn-8492.exe
1328	Unicorn-56925.exe
2172	Unicorn-53396.exe
2364	Unicorn-22372.exe
1732	Unicorn-36439.exe
2220	Unicorn-38324.exe
2736	Unicorn-57348.exe
2884	Unicorn-20954.exe
3048	Unicorn-36522.exe
2836	Unicorn-22455.exe
2528	Unicorn-56388.exe
2628	Unicorn-19309.exe
2656	Unicorn-42740.exe
2508	Unicorn-21421.exe
2544	Unicorn-24759.exe
1844	Unicorn-57239.exe
2112	Unicorn-57431.exe
920	Unicorn-37565.exe
2828	Unicorn-40519.exe
2896	Unicorn-53902.exe
1052	Unicorn-23991.exe
2040	Unicorn-45195.exe
2076	Unicorn-41665.exe
1964	Unicorn-28475.exe
1984	Unicorn-52102.exe
2376	Unicorn-24561.exe
1140	Unicorn-27707.exe
2328	Unicorn-14940.exe
2984	Unicorn-31468.exe
2932	Unicorn-21158.exe
932	Unicorn-4053.exe
1596	Unicorn-36726.exe
892	Unicorn-49917.exe
2532	Unicorn-20473.exe
1620	Unicorn-22284.exe
2800	Unicorn-23353.exe
2184	Unicorn-1650.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
2764	Unicorn-35764.exe
2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
2764	Unicorn-35764.exe
2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
2096	Unicorn-55730.exe
2096	Unicorn-55730.exe
2100	Unicorn-26203.exe
2100	Unicorn-26203.exe
2764	Unicorn-35764.exe
2764	Unicorn-35764.exe
2096	Unicorn-55730.exe
2856	Unicorn-50074.exe
2096	Unicorn-55730.exe
2856	Unicorn-50074.exe
2488	Unicorn-62881.exe
2488	Unicorn-62881.exe
2604	Unicorn-16333.exe
2100	Unicorn-26203.exe
2100	Unicorn-26203.exe
2604	Unicorn-16333.exe
1660	Unicorn-51963.exe
2472	Unicorn-37537.exe
2472	Unicorn-37537.exe
1660	Unicorn-51963.exe
2856	Unicorn-50074.exe
2856	Unicorn-50074.exe
2792	Unicorn-2570.exe
2792	Unicorn-2570.exe
2208	Unicorn-38580.exe
2604	Unicorn-16333.exe
2488	Unicorn-62881.exe
2208	Unicorn-38580.exe
2488	Unicorn-62881.exe
2604	Unicorn-16333.exe
2472	Unicorn-37537.exe
2472	Unicorn-37537.exe
2404	Unicorn-59291.exe
1980	Unicorn-22513.exe
1980	Unicorn-22513.exe
2404	Unicorn-59291.exe
1640	Unicorn-56177.exe
1640	Unicorn-56177.exe
2804	Unicorn-60360.exe
2804	Unicorn-60360.exe
1660	Unicorn-51963.exe
1660	Unicorn-51963.exe
760	Unicorn-51974.exe
760	Unicorn-51974.exe
2792	Unicorn-2570.exe
2792	Unicorn-2570.exe
1716	Unicorn-8097.exe
2116	Unicorn-57106.exe
1716	Unicorn-8097.exe
2116	Unicorn-57106.exe
2280	Unicorn-27963.exe
2280	Unicorn-27963.exe
2208	Unicorn-38580.exe
2208	Unicorn-38580.exe
2268	Unicorn-36650.exe
2268	Unicorn-36650.exe
1980	Unicorn-22513.exe
1980	Unicorn-22513.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2788	2272	WerFault.exe	95
4848	3152	WerFault.exe	239
4580	3140	WerFault.exe	238

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55815.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
2764	Unicorn-35764.exe
2100	Unicorn-26203.exe
2096	Unicorn-55730.exe
2856	Unicorn-50074.exe
2604	Unicorn-16333.exe
2488	Unicorn-62881.exe
1660	Unicorn-51963.exe
2472	Unicorn-37537.exe
2208	Unicorn-38580.exe
2792	Unicorn-2570.exe
1640	Unicorn-56177.exe
2404	Unicorn-59291.exe
2804	Unicorn-60360.exe
1980	Unicorn-22513.exe
760	Unicorn-51974.exe
2280	Unicorn-27963.exe
2116	Unicorn-57106.exe
1716	Unicorn-8097.exe
2064	Unicorn-49649.exe
1696	Unicorn-20314.exe
2268	Unicorn-36650.exe
1536	Unicorn-63956.exe
748	Unicorn-32544.exe
2888	Unicorn-51149.exe
2360	Unicorn-18669.exe
1008	Unicorn-49265.exe
1808	Unicorn-41357.exe
1532	Unicorn-8492.exe
2172	Unicorn-53396.exe
1328	Unicorn-56925.exe
2364	Unicorn-22372.exe
1732	Unicorn-36439.exe
2220	Unicorn-38324.exe
2736	Unicorn-57348.exe
2884	Unicorn-20954.exe
2836	Unicorn-22455.exe
3048	Unicorn-36522.exe
2628	Unicorn-19309.exe
2528	Unicorn-56388.exe
2656	Unicorn-42740.exe
2508	Unicorn-21421.exe
1844	Unicorn-57239.exe
2544	Unicorn-24759.exe
2112	Unicorn-57431.exe
920	Unicorn-37565.exe
2828	Unicorn-40519.exe
1052	Unicorn-23991.exe
2896	Unicorn-53902.exe
2040	Unicorn-45195.exe
2076	Unicorn-41665.exe
1964	Unicorn-28475.exe
1984	Unicorn-52102.exe
2376	Unicorn-24561.exe
1140	Unicorn-27707.exe
2932	Unicorn-21158.exe
2328	Unicorn-14940.exe
2984	Unicorn-31468.exe
892	Unicorn-49917.exe
1596	Unicorn-36726.exe
932	Unicorn-4053.exe
2532	Unicorn-20473.exe
1620	Unicorn-22284.exe
2800	Unicorn-23353.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2764	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	30
PID 2700 wrote to memory of 2764	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	30
PID 2700 wrote to memory of 2764	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	30
PID 2700 wrote to memory of 2764	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	30
PID 2764 wrote to memory of 2100	2764	Unicorn-35764.exe	31
PID 2764 wrote to memory of 2100	2764	Unicorn-35764.exe	31
PID 2764 wrote to memory of 2100	2764	Unicorn-35764.exe	31
PID 2764 wrote to memory of 2100	2764	Unicorn-35764.exe	31
PID 2700 wrote to memory of 2096	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	32
PID 2700 wrote to memory of 2096	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	32
PID 2700 wrote to memory of 2096	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	32
PID 2700 wrote to memory of 2096	2700	347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe	32
PID 2096 wrote to memory of 2856	2096	Unicorn-55730.exe	33
PID 2096 wrote to memory of 2856	2096	Unicorn-55730.exe	33
PID 2096 wrote to memory of 2856	2096	Unicorn-55730.exe	33
PID 2096 wrote to memory of 2856	2096	Unicorn-55730.exe	33
PID 2100 wrote to memory of 2604	2100	Unicorn-26203.exe	34
PID 2100 wrote to memory of 2604	2100	Unicorn-26203.exe	34
PID 2100 wrote to memory of 2604	2100	Unicorn-26203.exe	34
PID 2100 wrote to memory of 2604	2100	Unicorn-26203.exe	34
PID 2764 wrote to memory of 2488	2764	Unicorn-35764.exe	35
PID 2764 wrote to memory of 2488	2764	Unicorn-35764.exe	35
PID 2764 wrote to memory of 2488	2764	Unicorn-35764.exe	35
PID 2764 wrote to memory of 2488	2764	Unicorn-35764.exe	35
PID 2096 wrote to memory of 1660	2096	Unicorn-55730.exe	37
PID 2096 wrote to memory of 1660	2096	Unicorn-55730.exe	37
PID 2096 wrote to memory of 1660	2096	Unicorn-55730.exe	37
PID 2096 wrote to memory of 1660	2096	Unicorn-55730.exe	37
PID 2856 wrote to memory of 2472	2856	Unicorn-50074.exe	36
PID 2856 wrote to memory of 2472	2856	Unicorn-50074.exe	36
PID 2856 wrote to memory of 2472	2856	Unicorn-50074.exe	36
PID 2856 wrote to memory of 2472	2856	Unicorn-50074.exe	36
PID 2488 wrote to memory of 2208	2488	Unicorn-62881.exe	38
PID 2488 wrote to memory of 2208	2488	Unicorn-62881.exe	38
PID 2488 wrote to memory of 2208	2488	Unicorn-62881.exe	38
PID 2488 wrote to memory of 2208	2488	Unicorn-62881.exe	38
PID 2100 wrote to memory of 2792	2100	Unicorn-26203.exe	40
PID 2100 wrote to memory of 2792	2100	Unicorn-26203.exe	40
PID 2100 wrote to memory of 2792	2100	Unicorn-26203.exe	40
PID 2100 wrote to memory of 2792	2100	Unicorn-26203.exe	40
PID 2604 wrote to memory of 1640	2604	Unicorn-16333.exe	39
PID 2604 wrote to memory of 1640	2604	Unicorn-16333.exe	39
PID 2604 wrote to memory of 1640	2604	Unicorn-16333.exe	39
PID 2604 wrote to memory of 1640	2604	Unicorn-16333.exe	39
PID 2472 wrote to memory of 2404	2472	Unicorn-37537.exe	42
PID 2472 wrote to memory of 2404	2472	Unicorn-37537.exe	42
PID 2472 wrote to memory of 2404	2472	Unicorn-37537.exe	42
PID 2472 wrote to memory of 2404	2472	Unicorn-37537.exe	42
PID 1660 wrote to memory of 2804	1660	Unicorn-51963.exe	41
PID 1660 wrote to memory of 2804	1660	Unicorn-51963.exe	41
PID 1660 wrote to memory of 2804	1660	Unicorn-51963.exe	41
PID 1660 wrote to memory of 2804	1660	Unicorn-51963.exe	41
PID 2856 wrote to memory of 1980	2856	Unicorn-50074.exe	43
PID 2856 wrote to memory of 1980	2856	Unicorn-50074.exe	43
PID 2856 wrote to memory of 1980	2856	Unicorn-50074.exe	43
PID 2856 wrote to memory of 1980	2856	Unicorn-50074.exe	43
PID 2792 wrote to memory of 760	2792	Unicorn-2570.exe	44
PID 2792 wrote to memory of 760	2792	Unicorn-2570.exe	44
PID 2792 wrote to memory of 760	2792	Unicorn-2570.exe	44
PID 2792 wrote to memory of 760	2792	Unicorn-2570.exe	44
PID 2208 wrote to memory of 2280	2208	Unicorn-38580.exe	45
PID 2208 wrote to memory of 2280	2208	Unicorn-38580.exe	45
PID 2208 wrote to memory of 2280	2208	Unicorn-38580.exe	45
PID 2208 wrote to memory of 2280	2208	Unicorn-38580.exe	45

C:\Users\Admin\AppData\Local\Temp\347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe
"C:\Users\Admin\AppData\Local\Temp\347a389c5ee27345f1b90b155d74e672c30b05cd8b08f89ace4aba50e84545f2N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        11⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        11⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28137.exe
        11⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22037.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        9⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24269.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        8⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        7⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        9⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        9⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52433.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        6⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        7⤵
        Program crash
        
        PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        11⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        11⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        11⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        11⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38513.exe
        10⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        11⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46795.exe
        10⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56249.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        8⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 220
        9⤵
        Program crash
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        8⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        10⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        9⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        9⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41174.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        9⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 220
        10⤵
        Program crash
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        9⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        8⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12074.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        8⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24759.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44012.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        10⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        12⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        11⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        12⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        12⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        10⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        11⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        11⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        11⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        11⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43951.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55337.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        9⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        9⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        11⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        10⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        10⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55439.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
        9⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42130.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        8⤵
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10483.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        10⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        11⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        10⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        11⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        11⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        11⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        10⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
        8⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35000.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        8⤵
        
        PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        8⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        10⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39527.exe
        9⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        8⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        8⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53799.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        8⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        9⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        8⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        8⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        7⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        7⤵
        
        PID:5412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe

Filesize
184KB

MD5
a6c4039a024924bebd532ee4c798d21e

SHA1
2c5a6fc6002eda71caf513a4d7a0d288d3936975

SHA256
f1fed7dfb9ac752e9f62a020ec78074d09454b7dbdcbaeb90f2b5b83ec454151

SHA512
21835ff3c0e341ce2737821fc68d102df8a611a4b741874ab991a44ca3e65bc3c2ddc73fec60ce950ccd74ac830116273a5f7e0ef6d3a6e9b92dfc3cad4f4caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe

Filesize
184KB

MD5
f345ea87655ed6a62abe35c92bf6670e

SHA1
dbaccb48537fde993e56a54552a3c0dea6a1d8d9

SHA256
3873d679a841fd511aab4945257bc8fb52afce7f5334eecfd958cf0c6875264e

SHA512
b111c5bbf4016e6da15524fe6050ea5743c37d64edaa686b00e6458c13737f1e493332f032bfa745d97fb0ed36f93a110349898f575ccb93ee25a4cef64a2051

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe

Filesize
184KB

MD5
5a8776b8c2b1501ae5569a570f52831d

SHA1
f35827b859ec649533791dba6cbcfbf085c00f42

SHA256
36b987e9a54801262347ef86ed58bb0f9bce6bed274e289e7f627dea4bcbbe00

SHA512
b1b481e061ed0a7669e80a3bceaad3b0db70189b5bc3a3b88a05d737251cbd3f1f7f292ab1f5c2e91d6cc5ad60bb591a2df56a020a21cb4ca1997355d3deda98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe

Filesize
184KB

MD5
4e9a623df0a32bdd5a51fdcc9807036a

SHA1
0413ff34cdb02ddd26ba7ec82cb4b97d95bf6058

SHA256
7d3a699fbb3848e327696dd9dc5835a79d4373a9b3d9859de47782411b3699d9

SHA512
0ea28890c01f827b279b43f39f772f8485b7cab8d6ef7e6517a67ca5517c5c3ffa824fc64cf1513cd8a59e9665565fc6e31b831195ddffc1eecd4837e412d2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe

Filesize
184KB

MD5
7f57b3162c5bbae656ce0bb3802d7b03

SHA1
f22f61c51d5c43e1cc063450e020c92674f6630d

SHA256
4605b4b83c95bcf9525485532cf7bd37663379e4f7b65a001d4973a1aa09337b

SHA512
9d8e1b2dafc9ddd3b4398a139d2465d5d300ae38f0fc4ffa3b3680bf2687b35bf2b736bf8d1f17c1820dce12c965212688cda795ddf5c18dbd5bb9f9a0949cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe

Filesize
184KB

MD5
beac8c7a5dcb586fb8c549d833e406b1

SHA1
b40e633cc652d5b7ce00305fa2bb96fd057a64b6

SHA256
90d52a4bfb5975b19be16e5cc644427fc47819c870b3a062ca081f11e59c0703

SHA512
d3053ef2a4b5cd053e2a244eef523227df0ff10e69037912219fd36ed987401bd793b01d88c0eacea478253d1bdc147e569bcad91f960c352acc4797cc0181ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe

Filesize
184KB

MD5
f9e28a8164399145a19ce07d528be95b

SHA1
e75d4de69b6f071c1be14550c2687677f3e3a491

SHA256
1407446c143381677d7c6288f47283263092e1a7dacea3e0bf017619796171fc

SHA512
38e2e3737b52ee880545c5a9b39f8acc5e1cf367e0745b88924ed4fd73010ff724ad1e8200d75486b66fc11fcd57ea173c4d98cc77ae51d114ac07909fafe373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe

Filesize
184KB

MD5
20fb7d2a14742d6b4c1ad25fff60c7a3

SHA1
f420abfa1c70a108f014f9b90598d35551874889

SHA256
2e5f36b05e883e4785b46f0b12ae6938af374f66a03853a9ee5d7b712555fef1

SHA512
8383ae0248d452fe3e1dca81ff02e65c55efda17e67e5b771ace4fa5ff68d9944d69289f4dbc326d0f0406d56451aa953a68da0468edad81b6e04a92dcf2c3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe

Filesize
184KB

MD5
429fa8b2d6a02d3046839afb8621b655

SHA1
56f5c46b2f9747e21e82b71885177360aa3a20a2

SHA256
80bb6753cd8ff7ab5861a90bf69ff942724bb3f26ebbadaf1b0a3eba1e8be241

SHA512
0afc3c08135c10291b8691afe57c646e4f1bff55aab700286b537563202c4fd5616d1615f815b434615b7d4f9335b0e45acb309292334ae6e314d2dfb58f75c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe

Filesize
184KB

MD5
b49dcb9fbc5d6809e416bbc22f5353f9

SHA1
52b0d66b773f1138b3d20688137cd51020d5079e

SHA256
ad6db91a634dd7d6ecbb0700076a6222a076eebf2490eea84ae4e7cdcf2ee9cc

SHA512
e43772ee98e8e2c810a25cde5c8f28791d250ee90249230a193a0bc4e9276a8aef2e4d870d01eeb434abe40b46e6d63963f2d8436cd57a5a7a7b911b9edd612d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe

Filesize
184KB

MD5
5ce334c10101809e80e2cf126600ef78

SHA1
5a2234e00fe328efbf42d234da1ea318da5b5e55

SHA256
f3a321743d4b66bd1cd43296540d22c7f1617adb0bab5675626a2987c1449d2f

SHA512
a0800d7489471ba7b3acc90cc831892897ec121fc3d916da7e01476ff245bad880672febc1f4f26b836b1e8325ff6f136bcbad68cfad72c841be84b59830ea5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe

Filesize
184KB

MD5
e10893684bef60a9f2a6626288e3de9e

SHA1
7868442c5e32df704b21e35907a880ba2ed275fe

SHA256
244279c947f1ff2374427ade258ade12de329f0c01c9f8901eecec43524d8cfd

SHA512
0a709a75b6fada69189f1ac8abaf5751e79f352bd288eeebcc497699d71081fc1d1beab05af0748b7a06e232eeb527c67a9ac9af89d82792c065d2eb760744f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe

Filesize
184KB

MD5
deb82b09f71726fd044e1c64e30d7525

SHA1
f0a46686684a5822e2f678b31113e890b142d0ba

SHA256
ae937102943e1c863b41325b31bc46ddced601ef9c3b1ab3016532e19f9dab31

SHA512
1d69e5f23fe114645b6dc1fb2a38ce3caea8e523b30e8562face53b0d6545ed9b51af106c86984cf71b892dd46889826b184ba3b2798eacffcc08c1b5c588d58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe

Filesize
184KB

MD5
8e9f5f5a2f5c6ef9e20e6d1e8096b5ab

SHA1
078f679192371e677afdfaec2fdf35dbde0f46e2

SHA256
799c7f7b9d4814f22a412fbfaf376f78ec6353603e531d1b45c51966e6cbf29f

SHA512
9a8d78eaaeb4d60e2fe4999ca50d45c0d2c38c69d78afee95c6931f72978418541fd643dd6c9eaf90b29dec8e6c2f5646a768ec8bb2641260c7b7427a29f6555

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2570.exe

Filesize
184KB

MD5
65cab5fc91de7d9895c1a5b0b10058da

SHA1
cb5a71cc59d4cfa7c9912e3bd14a0169cf9731c9

SHA256
3034544f7c591cd3b78f4ce8d5affb0388ca424dcce163e978cb663671a528f4

SHA512
2a3b3c6961243fcc63b96c9111a96132e33a0ab9b0dcd3d45d9b2ddf4cc74eb05459dc2a55f30a369997980ad9a41b860017c1029afb6c9ab294fe8b3dc2159b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe

Filesize
184KB

MD5
3ab9422dd05dda118bd0c622f2e021b2

SHA1
cac8ee4f493ef5c224697b86eef243c43dec563b

SHA256
db45fa60abbb3b97231c448a09239a0104d9cd21226df1b2fd110117bdd7b192

SHA512
cddb0e563c954ec2787cdc7764c65cfd88d8dda43a091aab2f357dcff2d1de45948082a59b8ef4365e7bb0c307098c6b72c7a940778bbebf0b1645501837826a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe

Filesize
184KB

MD5
84d1a2efcd451be6a16ddf6e235321c3

SHA1
5320fec46158cb6a22b2cf608a8f4d677e4715c0

SHA256
80e539307106f3affb355d0b2d3161801c2895790f94a5bd57f87800e4058808

SHA512
4074c68c1241085089220ba297bb12bd9a2ceb9ee584593fd254dbc787869ca88943f4ec191238f68f7b3cb6483796db6fe9cd8670ade6e0061a7abffe469337

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38580.exe

Filesize
184KB

MD5
e5e237e5a5388959323a498ce46432c1

SHA1
11da952d092e6edf72515f2b77275a7516fbe9fb

SHA256
47d1a2573c1fbbda32b8e7c698dd5c2db61fd37bc175ddc5efa0d0d16bf1efd4

SHA512
913ddf185a4606dc2c7a0c28bc5b7bc8d2382a88d00914b5b6fe25dec2031da8098135917f2f6980573e66f45e6688480b74eece4d494e41369b87f243367362

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe

Filesize
184KB

MD5
c9a7efb21e30adb1e445a6fe27b8acdd

SHA1
e94951a33a115ab1c4be19d5c2a281763774ee12

SHA256
7214a8f813a9e5977415abaa1de34e1b728ae3dcb78e4cc8c4d843dd8c1a32c7

SHA512
e4e75fa0617036170c3d7ce94538f2a4f823bb07d8627a4caf4cb15193f940c1f84e5b6ece71d076c47f483fccdffaac8c089f9b807b2967d55917a47f1ed9ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe

Filesize
184KB

MD5
df21ff1e064d5257750d5cfb0b91db8d

SHA1
65fac7909c8993b2ef8d3a820914fb15618d6f62

SHA256
e5e9551ba0f2177b2455f4c6c0bbb0c2d00cffd73919f5126bb00ed67ea3725e

SHA512
65744b5ba1004c6c490439f9bd9a472d2a18e66ae97f97e9d84220c12ddf0d7d2700df169f1776d2b81df31e342458772ec07fc2fc9bc689de7d9765f0c3e282

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe

Filesize
184KB

MD5
1e723099fac219ca5914aa2a2156c7d2

SHA1
4c625b1d09f959fa4fa223a6ceba07546617566b

SHA256
9a1323f9854ee56aad1c3d2d132b843ed560a8a8c1486ca42ee07d7b0312fa66

SHA512
25aa3df39f748d4933d8b11b7726fc4d45d25eae4f915d165450deba2ea8a9295741a12adceadad9b0d4280f0027fa42a8b422f45ea38b142fbc8a838a51a087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe

Filesize
184KB

MD5
19b46add7f4d87806547cde277fc17c8

SHA1
610e96ad318bb649d186c89064b345d6538dee6e

SHA256
780bd86e7bdd8b8ca81d28b84c9d6fffc48da64f3379379dcbe77671a998fc33

SHA512
9ab55c0098754a3b0a57fca9582627663602639053708aa1e4486dd977fe16646b66b9f288844b2582a2a8abf260aa48304742ff480c39b43f4499a05bdb2cad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe

Filesize
184KB

MD5
38a89d05b8fce2c1bc5497f8bcc08a97

SHA1
1613c11a07d7f3a2d9559e69dda520a12d25127e

SHA256
68ec4f323e2b17261ffef5ed52c1411a27f0b83b9e92a08b0799c969af577745

SHA512
dc9fd235cd0b028c0658b542cf1aa94e54331eb5eb031ec63e608283a6e1c342af18008d3081abf9afc322d12279f6b1fdfdcae94e8a7685e6618a31735848ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe

Filesize
184KB

MD5
3676542f68348cdd38231ac70d66ce6e

SHA1
5443ef24f87e0aad92a31030f352bdc7c43aed42

SHA256
19bc225d42d3e4fcedef0879e8094978f67bd4a460a81526a6209dfe7293a4d9

SHA512
18a927339c63cb97bdb0641c4aa1c3c61a8494577fa1417dbeb27748a9a39aed315a0644458f480d1e2151fe54de5bd408ede397ffaa70b9c679c6d057b98389

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe

Filesize
184KB

MD5
57c472567abe82c5e11d2d9d4671da8d

SHA1
2ce58cdb5473fc1a0d5ac1da43a96df682334869

SHA256
e582cba1fba96a6e23ab97aad733e9301ee27f2b40024406a71187db7fe21d10

SHA512
6c8e4bb39c433dac5a469f6f60e589b06631bae1b1ad30d461daf6d9d86773d0f7648201aa1aa996de06b8ccf0fa2279aae53933fa21430428c872bdba30fecd

Download Submit