ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1

Analysis

max time kernel
147s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
Size

468KB
MD5

1ef82e6dae898faa01fe253ca6eccc65
SHA1

d4cf0b5838f169dfedd88230e32a1b52d2e33663
SHA256

ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1
SHA512

66fc45c7dfdb8fd9658b094110df2b1926145a4d02f7c899f8edf178bcc13c8bc83e68a6074f3c1bf5b1396e746321ff7017464f1bb6fd302d0f9426d49164cc
SSDEEP

3072:4JqCoJldI03YtbY2PzcjNfT/rDhF4GpXQ+HCOVm6NksL0SQUS/l5:4JXoKOYtBP4jNf0GG4NkGvQUS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2724	Unicorn-7229.exe
2836	Unicorn-36986.exe
2624	Unicorn-784.exe
2616	Unicorn-64313.exe
3024	Unicorn-31065.exe
3056	Unicorn-24934.exe
1484	Unicorn-60208.exe
2132	Unicorn-39428.exe
1432	Unicorn-5914.exe
2420	Unicorn-21063.exe
2044	Unicorn-48866.exe
1856	Unicorn-21255.exe
2660	Unicorn-34061.exe
3012	Unicorn-23943.exe
3016	Unicorn-4077.exe
2936	Unicorn-33642.exe
2472	Unicorn-43625.exe
2456	Unicorn-63107.exe
2504	Unicorn-14919.exe
408	Unicorn-54301.exe
2524	Unicorn-54301.exe
1696	Unicorn-50964.exe
1680	Unicorn-64699.exe
1752	Unicorn-5292.exe
2696	Unicorn-56989.exe
2548	Unicorn-1658.exe
1520	Unicorn-57181.exe
852	Unicorn-36739.exe
2356	Unicorn-56605.exe
2064	Unicorn-40004.exe
2112	Unicorn-20595.exe
1924	Unicorn-12936.exe
1504	Unicorn-32153.exe
2532	Unicorn-55759.exe
2516	Unicorn-3957.exe
2804	Unicorn-31193.exe
2924	Unicorn-11327.exe
2904	Unicorn-58712.exe
2764	Unicorn-54352.exe
2632	Unicorn-47337.exe
3028	Unicorn-57487.exe
1080	Unicorn-27576.exe
840	Unicorn-22593.exe
2032	Unicorn-42459.exe
2740	Unicorn-16523.exe
2432	Unicorn-62194.exe
2124	Unicorn-17592.exe
1740	Unicorn-1063.exe
2896	Unicorn-32210.exe
1804	Unicorn-9624.exe
2580	Unicorn-61426.exe
1216	Unicorn-48427.exe
1148	Unicorn-61042.exe
2468	Unicorn-64571.exe
2256	Unicorn-61321.exe
2284	Unicorn-1914.exe
2956	Unicorn-1914.exe
1316	Unicorn-63538.exe
2244	Unicorn-11736.exe
1636	Unicorn-954.exe
848	Unicorn-3969.exe
948	Unicorn-3512.exe
2192	Unicorn-11183.exe
2308	Unicorn-56372.exe

Loads dropped DLL 64 IoCs

pid	Process
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2724	Unicorn-7229.exe
2724	Unicorn-7229.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2624	Unicorn-784.exe
2624	Unicorn-784.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2836	Unicorn-36986.exe
2836	Unicorn-36986.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2724	Unicorn-7229.exe
2724	Unicorn-7229.exe
3056	Unicorn-24934.exe
3056	Unicorn-24934.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
1484	Unicorn-60208.exe
1484	Unicorn-60208.exe
2724	Unicorn-7229.exe
2724	Unicorn-7229.exe
3024	Unicorn-31065.exe
3024	Unicorn-31065.exe
2836	Unicorn-36986.exe
2836	Unicorn-36986.exe
2624	Unicorn-784.exe
2616	Unicorn-64313.exe
2624	Unicorn-784.exe
2616	Unicorn-64313.exe
2132	Unicorn-39428.exe
2132	Unicorn-39428.exe
3056	Unicorn-24934.exe
3056	Unicorn-24934.exe
1432	Unicorn-5914.exe
1432	Unicorn-5914.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
3016	Unicorn-4077.exe
3012	Unicorn-23943.exe
3016	Unicorn-4077.exe
3012	Unicorn-23943.exe
2616	Unicorn-64313.exe
2616	Unicorn-64313.exe
2624	Unicorn-784.exe
2660	Unicorn-34061.exe
2624	Unicorn-784.exe
2660	Unicorn-34061.exe
2420	Unicorn-21063.exe
2420	Unicorn-21063.exe
2836	Unicorn-36986.exe
2836	Unicorn-36986.exe
2044	Unicorn-48866.exe
2044	Unicorn-48866.exe
1484	Unicorn-60208.exe
1484	Unicorn-60208.exe
1856	Unicorn-21255.exe
2724	Unicorn-7229.exe
1856	Unicorn-21255.exe
2724	Unicorn-7229.exe
3024	Unicorn-31065.exe
3024	Unicorn-31065.exe
2936	Unicorn-33642.exe
2936	Unicorn-33642.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2700	1316	WerFault.exe	88
6248	5796	WerFault.exe	469

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15156.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
2724	Unicorn-7229.exe
2836	Unicorn-36986.exe
2624	Unicorn-784.exe
3056	Unicorn-24934.exe
3024	Unicorn-31065.exe
1484	Unicorn-60208.exe
2616	Unicorn-64313.exe
2132	Unicorn-39428.exe
1432	Unicorn-5914.exe
1856	Unicorn-21255.exe
2420	Unicorn-21063.exe
3012	Unicorn-23943.exe
2660	Unicorn-34061.exe
2044	Unicorn-48866.exe
3016	Unicorn-4077.exe
2936	Unicorn-33642.exe
2472	Unicorn-43625.exe
2456	Unicorn-63107.exe
2504	Unicorn-14919.exe
408	Unicorn-54301.exe
2524	Unicorn-54301.exe
1696	Unicorn-50964.exe
1680	Unicorn-64699.exe
1752	Unicorn-5292.exe
2696	Unicorn-56989.exe
2548	Unicorn-1658.exe
1520	Unicorn-57181.exe
852	Unicorn-36739.exe
2356	Unicorn-56605.exe
2064	Unicorn-40004.exe
2112	Unicorn-20595.exe
1924	Unicorn-12936.exe
1504	Unicorn-32153.exe
2532	Unicorn-55759.exe
2516	Unicorn-3957.exe
2804	Unicorn-31193.exe
2924	Unicorn-11327.exe
2904	Unicorn-58712.exe
2764	Unicorn-54352.exe
2632	Unicorn-47337.exe
3028	Unicorn-57487.exe
1080	Unicorn-27576.exe
840	Unicorn-22593.exe
2032	Unicorn-42459.exe
2432	Unicorn-62194.exe
2740	Unicorn-16523.exe
2124	Unicorn-17592.exe
1740	Unicorn-1063.exe
2896	Unicorn-32210.exe
2580	Unicorn-61426.exe
1804	Unicorn-9624.exe
1216	Unicorn-48427.exe
1148	Unicorn-61042.exe
2468	Unicorn-64571.exe
2256	Unicorn-61321.exe
2284	Unicorn-1914.exe
2956	Unicorn-1914.exe
1316	Unicorn-63538.exe
2244	Unicorn-11736.exe
948	Unicorn-3512.exe
1636	Unicorn-954.exe
2192	Unicorn-11183.exe
848	Unicorn-3969.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2724	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	30
PID 2848 wrote to memory of 2724	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	30
PID 2848 wrote to memory of 2724	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	30
PID 2848 wrote to memory of 2724	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	30
PID 2724 wrote to memory of 2836	2724	Unicorn-7229.exe	31
PID 2724 wrote to memory of 2836	2724	Unicorn-7229.exe	31
PID 2724 wrote to memory of 2836	2724	Unicorn-7229.exe	31
PID 2724 wrote to memory of 2836	2724	Unicorn-7229.exe	31
PID 2848 wrote to memory of 2624	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	32
PID 2848 wrote to memory of 2624	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	32
PID 2848 wrote to memory of 2624	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	32
PID 2848 wrote to memory of 2624	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	32
PID 2624 wrote to memory of 2616	2624	Unicorn-784.exe	33
PID 2624 wrote to memory of 2616	2624	Unicorn-784.exe	33
PID 2624 wrote to memory of 2616	2624	Unicorn-784.exe	33
PID 2624 wrote to memory of 2616	2624	Unicorn-784.exe	33
PID 2836 wrote to memory of 3024	2836	Unicorn-36986.exe	35
PID 2836 wrote to memory of 3024	2836	Unicorn-36986.exe	35
PID 2836 wrote to memory of 3024	2836	Unicorn-36986.exe	35
PID 2836 wrote to memory of 3024	2836	Unicorn-36986.exe	35
PID 2848 wrote to memory of 3056	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	34
PID 2848 wrote to memory of 3056	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	34
PID 2848 wrote to memory of 3056	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	34
PID 2848 wrote to memory of 3056	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	34
PID 2724 wrote to memory of 1484	2724	Unicorn-7229.exe	36
PID 2724 wrote to memory of 1484	2724	Unicorn-7229.exe	36
PID 2724 wrote to memory of 1484	2724	Unicorn-7229.exe	36
PID 2724 wrote to memory of 1484	2724	Unicorn-7229.exe	36
PID 3056 wrote to memory of 2132	3056	Unicorn-24934.exe	37
PID 3056 wrote to memory of 2132	3056	Unicorn-24934.exe	37
PID 3056 wrote to memory of 2132	3056	Unicorn-24934.exe	37
PID 3056 wrote to memory of 2132	3056	Unicorn-24934.exe	37
PID 2848 wrote to memory of 1432	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	38
PID 2848 wrote to memory of 1432	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	38
PID 2848 wrote to memory of 1432	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	38
PID 2848 wrote to memory of 1432	2848	ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe	38
PID 1484 wrote to memory of 2420	1484	Unicorn-60208.exe	39
PID 1484 wrote to memory of 2420	1484	Unicorn-60208.exe	39
PID 1484 wrote to memory of 2420	1484	Unicorn-60208.exe	39
PID 1484 wrote to memory of 2420	1484	Unicorn-60208.exe	39
PID 2724 wrote to memory of 2044	2724	Unicorn-7229.exe	40
PID 2724 wrote to memory of 2044	2724	Unicorn-7229.exe	40
PID 2724 wrote to memory of 2044	2724	Unicorn-7229.exe	40
PID 2724 wrote to memory of 2044	2724	Unicorn-7229.exe	40
PID 3024 wrote to memory of 1856	3024	Unicorn-31065.exe	41
PID 3024 wrote to memory of 1856	3024	Unicorn-31065.exe	41
PID 3024 wrote to memory of 1856	3024	Unicorn-31065.exe	41
PID 3024 wrote to memory of 1856	3024	Unicorn-31065.exe	41
PID 2836 wrote to memory of 2660	2836	Unicorn-36986.exe	42
PID 2836 wrote to memory of 2660	2836	Unicorn-36986.exe	42
PID 2836 wrote to memory of 2660	2836	Unicorn-36986.exe	42
PID 2836 wrote to memory of 2660	2836	Unicorn-36986.exe	42
PID 2624 wrote to memory of 3016	2624	Unicorn-784.exe	43
PID 2624 wrote to memory of 3016	2624	Unicorn-784.exe	43
PID 2624 wrote to memory of 3016	2624	Unicorn-784.exe	43
PID 2624 wrote to memory of 3016	2624	Unicorn-784.exe	43
PID 2616 wrote to memory of 3012	2616	Unicorn-64313.exe	44
PID 2616 wrote to memory of 3012	2616	Unicorn-64313.exe	44
PID 2616 wrote to memory of 3012	2616	Unicorn-64313.exe	44
PID 2616 wrote to memory of 3012	2616	Unicorn-64313.exe	44
PID 2132 wrote to memory of 2936	2132	Unicorn-39428.exe	45
PID 2132 wrote to memory of 2936	2132	Unicorn-39428.exe	45
PID 2132 wrote to memory of 2936	2132	Unicorn-39428.exe	45
PID 2132 wrote to memory of 2936	2132	Unicorn-39428.exe	45

C:\Users\Admin\AppData\Local\Temp\ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe
"C:\Users\Admin\AppData\Local\Temp\ffab0f977a5eebbbda5f54429ea9dc43c3c65b2fc10821d3198cbc80845a68e1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5151.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        7⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        7⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        6⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        6⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        7⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51411.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        6⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 188
        8⤵
        Program crash
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        6⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        5⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        7⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4813.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
        6⤵
        Program crash
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57396.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        5⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        5⤵
        
        PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        6⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        5⤵
        
        PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        5⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64650.exe
        6⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        5⤵
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
      4⤵
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27998.exe
        5⤵
        
        PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
      4⤵
      PID:7084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17592.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        7⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        6⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        5⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        5⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        5⤵
        
        PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        5⤵
        
        PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        5⤵
        
        PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        5⤵
        
        PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37604.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      4⤵
      PID:7556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        6⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        6⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14245.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34859.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2294.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16887.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
      4⤵
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
      4⤵
      PID:8040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45126.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
      4⤵
      PID:348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
      4⤵
      PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
      4⤵
      PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
      4⤵
      PID:7816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
      4⤵
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        5⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
      4⤵
      PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
    3⤵
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    3⤵
    PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
    3⤵
    PID:6936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
    3⤵
    PID:7508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        7⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55791.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        7⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        6⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3802.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        5⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9730.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        6⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61662.exe
        6⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        5⤵
        
        PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
      4⤵
      PID:7592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        7⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        6⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        5⤵
        
        PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3704.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        5⤵
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14465.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      4⤵
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55218.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        6⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        6⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      4⤵
      PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      4⤵
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51191.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
    3⤵
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    3⤵
    PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
    3⤵
    PID:6944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
    3⤵
    PID:8024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        7⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        6⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
        5⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
        5⤵
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        6⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
      4⤵
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        5⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
      4⤵
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
      4⤵
      PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      4⤵
      PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19594.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
        5⤵
        
        PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
      4⤵
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
      4⤵
      PID:7488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        5⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        5⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      4⤵
      PID:7768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
      4⤵
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
      4⤵
      PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    3⤵
    PID:768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
    3⤵
    PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
    3⤵
    PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        5⤵
        
        PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54567.exe
        5⤵
        
        PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      4⤵
      PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
      4⤵
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        5⤵
        
        PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
      4⤵
      PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
      4⤵
      PID:7752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
      4⤵
      PID:7396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
    3⤵
    PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
    3⤵
    PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14919.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29040.exe
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50037.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38019.exe
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
      4⤵
      PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
    3⤵
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
      4⤵
      PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
      4⤵
      PID:8172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51069.exe
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
    3⤵
    PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
    3⤵
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
    3⤵
    PID:7036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
    3⤵
    PID:7540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
    3⤵
    PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
      4⤵
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
    3⤵
    PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
    3⤵
    PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
    3⤵
    PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
    3⤵
    PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
    3⤵
    PID:7480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
  2⤵
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
    3⤵
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
    3⤵
    PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
    3⤵
    PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
    3⤵
    PID:7300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
  2⤵
  PID:3644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35260.exe
  2⤵
  PID:4648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
  2⤵
  PID:5592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
  2⤵
  PID:7096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
  2⤵
  PID:7640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe

Filesize
468KB

MD5
9bf73c8d72f0cc481d0e19cab5964e6d

SHA1
b101ddeb1fa93442db5368f442a82802f798c83d

SHA256
359532a3be7f52bb175c91d9fc17cda133ffb2e5dd20e6b679482314ff0dab46

SHA512
e2ec6d068426c59195d98a2518d7407452f573d409caeae4e77d27440267759a7ba7ea9a14b9f4d4b97f1e3c85faf1c1ec7eff3e977df6d7e0535478fae9c0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe

Filesize
468KB

MD5
111f529f665711e4a69d7651ea9e9906

SHA1
90eb4dfae1b4ecba217eba9da804a870c81d6e59

SHA256
d4ae881117ddcd56345d88b0ff97ce752d3e399da6c36079c0a1814e7038f903

SHA512
f2a5e6c2211cc558e02d91ee27bb858a8d473cdbebd87287a2a4c75675e97c2a09e9b37bea949bb0c10e4e8d985e5de51a82680ab1e21274e9a0564d765ee1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe

Filesize
468KB

MD5
558e54e55bdc9767a7c8d19b9959a487

SHA1
3a444349792607d1403f41b56208fb09aee99688

SHA256
489c846cf806decda785a5fd0aff91b8f3cca788116c26d224da740ac5cc6385

SHA512
3dadd4eb3d7e115a7316336f4a95ced10d58783ea43f2fc139b0f0b3c9017d90cff65861f14baea254a7ce3fe84f39027b9a3aa6d575362c588073a3babbd858

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14919.exe

Filesize
468KB

MD5
d40a649145aa76e58a795073de195e09

SHA1
6e2d497011b69ca8eba21278d640e10fa5f81022

SHA256
e8f1da7350ce051e48006402f8e1aa4a84b22a01a229e528c3e4f24cc2634c53

SHA512
95d46117063a583e78d5a6d78d1b3970f468c2e03cc2e4680a3e0b44afa14a33f68b0aedaf8f365bc8e999207626fd33e68f0ab7772a3699961f5fe613c65595

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe

Filesize
468KB

MD5
db5db74781aac33eec8c8e8105b74526

SHA1
cf3415526598521a5aaddcbf18e4a44273cd8c14

SHA256
13a0de4261c2650552d175d9744007ed66aac5a81830858647e5a4b4493561f7

SHA512
b690c7ad1b53439c4b2751dc05a5a0cce660e1f2763b143bf8abf570b3bdbfc56367ed561738a6d4af28090e381af4bfc67dbbb6f9889c06a6acbe1b0af10898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe

Filesize
468KB

MD5
e8b34cfcd7ab29bd4f07973c7adeba50

SHA1
a232b02cfd387e5c61a564a9235c61cbac25ca61

SHA256
cff1d20c1661eb221bc23c9a776ca6156317f0712a996baf75aabcd55a567f04

SHA512
8ca9ea61fc4bcfaa8311e06aed6bad31ef072e59cffdfbc96f3ae2fa8970aa3a2fb96fe78d688a452d39e369de7d2b701655cc67c82e953fefa5f7d26525da04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe

Filesize
468KB

MD5
885b4bd9dfd31b26c0f2435753609f0b

SHA1
bc6b1697b67608701860066ecbb1cececd54020b

SHA256
236e6c75c08107474b4c58d614a000daf31f061d07149fdce1b6e6e67efa590a

SHA512
0b35a21a3e68620504f377108626c499834d3d6d41d9fed71f7de8497a982f8bca3921428cb93ab7c3ae6a4dc6a78655a2b55fe42019511e18566d911c36673a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe

Filesize
468KB

MD5
95e675e7b08bd7762304c67e76c7ebee

SHA1
bc0c3f06a3a3eeb2ea96da3a8e6c3619bafde168

SHA256
3c35a61873b9f84e3661534d8c01ca2c6da97afbd7dc79f165c73aef0db486a2

SHA512
2a1fa6a7b505eee8c8f609479727cf45532d50986faf996059cb23f6c582b8eb6f49f2b236f3de705d6365c347b617376244be5cc8019f021cc2f25be64e4439

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe

Filesize
468KB

MD5
b58e4ead997f90bda994086eebd4b15a

SHA1
841f18c50eb0a76d3c77a793ca85e4fe51683920

SHA256
ddc8fa0098bd6031fcfe14a6b8972180e864a3d197699b80bed54f0ca2cbd052

SHA512
70a91b28ff7e46fe2bd04fa7d8ff93e9e7af906eec7d0ff17b4dfc493b82c6161733d1883609a9e53c3c754511aedb396c64ecb9d048acdb5473f4e6b8859da7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe

Filesize
468KB

MD5
52abbb6e6113c881e4703fe8e1168e82

SHA1
1c37b5a6fe6ff122e2ce4f9d6ebbe06a66d52c8c

SHA256
36c670b102a4851fffb64f22139d65377757c195c7477156e7c57037c6cecc4d

SHA512
e9ed849a89b48bbb4d021a4fa24f448b59b383dbdf1be51cef2ae67886695bfd1ccdd875b6aa5c31c884f301ca5537604a80feb0a43f26b43cb4b9606bda37d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe

Filesize
468KB

MD5
ce0f3cf7a5632cac902a7464e57e2c88

SHA1
bfcecb1c0cb3c931e8f9fa41045ea338a67c03a5

SHA256
d1f0520dfede30a851a1b9f4027032f3a02772814dcc55690ae1ff5b488f4c8d

SHA512
053152e84d89252b15d9f75a6a09f9cb0b119409dea777e9d23e86206e465a61f226b61eda8c7b7fd9635de49a58bbfa1a6b99f1bfa23a9d6f64f2f2ec9f8246

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe

Filesize
468KB

MD5
866e23fe815f934773f79bc7b07caf96

SHA1
c08807255468630380fc130237fcf6823ca04f78

SHA256
836e0ad3eca9ac35567a6644cb387bbd9d1b8c1fc5e5dcd16ed71cdbfb6a40c4

SHA512
f1758aef5543f9f348b026e9ce70d2c6ae4fa4e5ac17f3f7ad406234ee747c7249db360fd3df28cda9d82435acf41a8f0e9f63372485e4cfdbaa573c8f80646c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe

Filesize
468KB

MD5
1d42b408af4430a918bebdb15ace38cf

SHA1
b28b5eae3083998f03b12fe51cb6da2e9cfddc38

SHA256
38b9cc23f90b6a2beedb153832e00aba7cd60cd7811ecbc3c7c9abb9be72b363

SHA512
3c3583f94906683a4e274a86574325da6ec190ec90a399c479da0f72b433eb46007793aa38a9bd1080f5394fcca80f60ca06f0b6fd565625b6e0b59a0fa076c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe

Filesize
468KB

MD5
c033f09385fd99a50424d139f14b7e30

SHA1
7f8f88d74af9f79941dbf54111e92f0611997c55

SHA256
084af8becb68f3c570d5d2e5577877a8d445b15905073430617813dbdd1f6886

SHA512
f29a2cdf953553e4dff98da3881e25099031441c3c984354a7070dc856533e227e0b1e863aff062592d6fbc1f020cc9f36f976dd590e7107cb86f011711dc80f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe

Filesize
468KB

MD5
469f220da9f3547efaefdd7c8deadd93

SHA1
038cb12bfd3eb5cbde17168016f4d276deac8b65

SHA256
fff79882ccc1b5de141a18febd841895b2671471a2a80e0bcb53d7c1a556de96

SHA512
6c4fef9ffc2eb983e7c2e7710f50f9aa431970495f21002a8a6b10f158179d6cba079f7c8376dac7cc67163789135703370956c7b86f1d1971d5806fbbbcdc80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe

Filesize
468KB

MD5
2b8c5776872fd05aaa15ffbb62683976

SHA1
031c2fc73f37f4c1e04c2736645e29af61b48fa0

SHA256
fae69e1f7f8099a0e6eb399ae7654748650025ffc6b67987cca682d6c811b67e

SHA512
797c3d9f24058232d7498ff64a38fd0a443f38a3b2f008e56d761476d22535373cbb3c966006f0c0e0214479ceb38f9dd3d12347587c4d880fee155f0986f9c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe

Filesize
468KB

MD5
f7ed349bab21a1bcba2653f85ff984eb

SHA1
79286b4ae31ffea4bd9f389cee344c35735dedd0

SHA256
e4060b31b969a1abf66cc310a1751d45bc0894d020021ad7823a4750ecad7cf7

SHA512
98710079f80009c43814ec940a3ce54369313f5eaf288619c4dda827d00434b80ffbc9bc28b9e845532cc5d373f65d282caeed3d3aef00d2b23f6ab512d87efa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60208.exe

Filesize
468KB

MD5
216bc7d138ac7c57f4a02ee81c9541a5

SHA1
db7433734eb09d7fb617cadc47882189877f1eb3

SHA256
daeac69ffbe0021b55ddca70b8e28fae65d1b5bd0703cf02ee2e1ac07c48aa78

SHA512
dc966f9ed73bf3829f90b563c1ef42555612ae3e78820e39915b35c6e95cf09b9bbe1fb3820f275663155d097500b68e1a0910e78f1c01610534ff0b20a4d581

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe

Filesize
468KB

MD5
60241aeaa707c68912d9319d3ed37c3e

SHA1
f58ff9d8cf4c31dbbf8b844808e88bc8020444c6

SHA256
ac28ef056868abdb7fd94d6efe8caa34a9618acf9a01565543368d2be9bc553b

SHA512
e93f6dc5bca1ff2eabbd657f2de17dce8370853c7a6192a0cd318e2234a2618367f2413ee7f0b1fefe687c5dae30c014e835d65c6173aaeb5abaf4a116033736

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe

Filesize
468KB

MD5
77c19425be3dbf13308f8aec395e771f

SHA1
6dd79c319bc120d01b71d1db990f58433a2a055c

SHA256
793af82a398bd6165df4ccd0b71218eef711bf0cead055e71e591767d00447f8

SHA512
1e584427f7426d83075663eb0eba043cc5068b029fdae760485706b53a3810b2e9444f344fd7a9b88ca7ea137a93cccc2633942655916f6b19f5f59d1f130372

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-784.exe

Filesize
468KB

MD5
a9e6cd04407e7a53f26ab7ceba0a3726

SHA1
91d8337b0206c4cad10e6c398dbdb9327f653d77

SHA256
721be2c40a9b3e212c60b6183d0e76a1154adb5e3b10be497663f6c01d94bae2

SHA512
0b39bc863e374717b3ac3b2537899e0ed6384f626a306a38a50fc75b01aee5d820ac049d21b353efe94e4fca6a5e5d332b94bde5c7308e354a768f6e7e6365bb

Download Submit