ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088

Analysis

max time kernel
117s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
Size

468KB
MD5

146d349bbee0818ef3b73734354c6070
SHA1

d04218791997751d294b66e5037b9ce8cd1b6ea9
SHA256

ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088
SHA512

5bec9e09009f68cd8d4f9452b441522c850ca9385dd82b0ef78a6540982370a152fa0a8fe64ad54afcdba89d1cd2c9d175a270d4485bf08d78f4600d4043ce57
SSDEEP

3072:1GeeoEIVq05UubYTH5cOcf8/LChsP0p1nFHewVPPsPp+2SpovNl/:1GXom8UuMHSOcfwYissPgFpov

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3012	Unicorn-25578.exe
1792	Unicorn-11478.exe
1780	Unicorn-10445.exe
2820	Unicorn-28670.exe
2800	Unicorn-48536.exe
2664	Unicorn-15672.exe
1276	Unicorn-14886.exe
2552	Unicorn-26378.exe
2536	Unicorn-57981.exe
1540	Unicorn-6407.exe
796	Unicorn-58209.exe
1240	Unicorn-29066.exe
540	Unicorn-60778.exe
2440	Unicorn-60513.exe
1560	Unicorn-40912.exe
2864	Unicorn-1357.exe
2144	Unicorn-13012.exe
2400	Unicorn-1056.exe
348	Unicorn-34606.exe
1636	Unicorn-44127.exe
684	Unicorn-10686.exe
944	Unicorn-46344.exe
2268	Unicorn-65176.exe
900	Unicorn-19505.exe
2288	Unicorn-36033.exe
2632	Unicorn-46070.exe
904	Unicorn-48648.exe
2284	Unicorn-2711.exe
112	Unicorn-50117.exe
2276	Unicorn-29675.exe
2956	Unicorn-2836.exe
2944	Unicorn-32009.exe
1224	Unicorn-47740.exe
2148	Unicorn-4699.exe
2852	Unicorn-24242.exe
2252	Unicorn-60636.exe
2644	Unicorn-57107.exe
2860	Unicorn-40002.exe
2824	Unicorn-27196.exe
2668	Unicorn-41814.exe
2696	Unicorn-58607.exe
2548	Unicorn-2588.exe
1600	Unicorn-11518.exe
2384	Unicorn-10131.exe
1660	Unicorn-32790.exe
1644	Unicorn-32790.exe
1472	Unicorn-45213.exe
788	Unicorn-31565.exe
1692	Unicorn-31830.exe
2068	Unicorn-14616.exe
1556	Unicorn-61252.exe
2716	Unicorn-47517.exe
1976	Unicorn-17305.exe
2976	Unicorn-51046.exe
2416	Unicorn-7791.exe
2256	Unicorn-59223.exe
832	Unicorn-42515.exe
1596	Unicorn-42515.exe
948	Unicorn-22649.exe
372	Unicorn-22649.exe
1356	Unicorn-42515.exe
992	Unicorn-36385.exe
2004	Unicorn-10070.exe
884	Unicorn-10335.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
3012	Unicorn-25578.exe
3012	Unicorn-25578.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
1792	Unicorn-11478.exe
1780	Unicorn-10445.exe
3012	Unicorn-25578.exe
3012	Unicorn-25578.exe
1780	Unicorn-10445.exe
1792	Unicorn-11478.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2800	Unicorn-48536.exe
2820	Unicorn-28670.exe
2800	Unicorn-48536.exe
2820	Unicorn-28670.exe
3012	Unicorn-25578.exe
3012	Unicorn-25578.exe
1780	Unicorn-10445.exe
1276	Unicorn-14886.exe
1780	Unicorn-10445.exe
1276	Unicorn-14886.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
1792	Unicorn-11478.exe
2664	Unicorn-15672.exe
2664	Unicorn-15672.exe
1792	Unicorn-11478.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2552	Unicorn-26378.exe
2552	Unicorn-26378.exe
2800	Unicorn-48536.exe
2800	Unicorn-48536.exe
540	Unicorn-60778.exe
1560	Unicorn-40912.exe
540	Unicorn-60778.exe
1560	Unicorn-40912.exe
1792	Unicorn-11478.exe
1792	Unicorn-11478.exe
1780	Unicorn-10445.exe
1780	Unicorn-10445.exe
2664	Unicorn-15672.exe
2664	Unicorn-15672.exe
880	WerFault.exe
880	WerFault.exe
880	WerFault.exe
880	WerFault.exe
1276	Unicorn-14886.exe
1276	Unicorn-14886.exe
2440	Unicorn-60513.exe
2440	Unicorn-60513.exe
2536	Unicorn-57981.exe
2536	Unicorn-57981.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
3012	Unicorn-25578.exe
2820	Unicorn-28670.exe
3012	Unicorn-25578.exe
2820	Unicorn-28670.exe
880	WerFault.exe
2864	Unicorn-1357.exe
2864	Unicorn-1357.exe
2552	Unicorn-26378.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
880	1240	WerFault.exe	42
1620	1572	WerFault.exe	121

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10070.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
3012	Unicorn-25578.exe
1792	Unicorn-11478.exe
1780	Unicorn-10445.exe
2820	Unicorn-28670.exe
2800	Unicorn-48536.exe
2664	Unicorn-15672.exe
1276	Unicorn-14886.exe
2552	Unicorn-26378.exe
796	Unicorn-58209.exe
540	Unicorn-60778.exe
1540	Unicorn-6407.exe
2440	Unicorn-60513.exe
1560	Unicorn-40912.exe
1240	Unicorn-29066.exe
2536	Unicorn-57981.exe
2864	Unicorn-1357.exe
2144	Unicorn-13012.exe
2400	Unicorn-1056.exe
348	Unicorn-34606.exe
1636	Unicorn-44127.exe
684	Unicorn-10686.exe
944	Unicorn-46344.exe
2288	Unicorn-36033.exe
900	Unicorn-19505.exe
2268	Unicorn-65176.exe
904	Unicorn-48648.exe
2632	Unicorn-46070.exe
2284	Unicorn-2711.exe
112	Unicorn-50117.exe
2276	Unicorn-29675.exe
2956	Unicorn-2836.exe
2944	Unicorn-32009.exe
1224	Unicorn-47740.exe
2148	Unicorn-4699.exe
2852	Unicorn-24242.exe
2644	Unicorn-57107.exe
2252	Unicorn-60636.exe
2860	Unicorn-40002.exe
2824	Unicorn-27196.exe
2668	Unicorn-41814.exe
2696	Unicorn-58607.exe
2548	Unicorn-2588.exe
1600	Unicorn-11518.exe
2384	Unicorn-10131.exe
1660	Unicorn-32790.exe
1644	Unicorn-32790.exe
1472	Unicorn-45213.exe
788	Unicorn-31565.exe
1692	Unicorn-31830.exe
2068	Unicorn-14616.exe
1556	Unicorn-61252.exe
1976	Unicorn-17305.exe
2976	Unicorn-51046.exe
2716	Unicorn-47517.exe
2416	Unicorn-7791.exe
2256	Unicorn-59223.exe
1596	Unicorn-42515.exe
884	Unicorn-10335.exe
992	Unicorn-36385.exe
2004	Unicorn-10070.exe
1356	Unicorn-42515.exe
948	Unicorn-22649.exe
832	Unicorn-42515.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3012	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	31
PID 2084 wrote to memory of 3012	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	31
PID 2084 wrote to memory of 3012	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	31
PID 2084 wrote to memory of 3012	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	31
PID 3012 wrote to memory of 1792	3012	Unicorn-25578.exe	32
PID 3012 wrote to memory of 1792	3012	Unicorn-25578.exe	32
PID 3012 wrote to memory of 1792	3012	Unicorn-25578.exe	32
PID 3012 wrote to memory of 1792	3012	Unicorn-25578.exe	32
PID 2084 wrote to memory of 1780	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	33
PID 2084 wrote to memory of 1780	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	33
PID 2084 wrote to memory of 1780	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	33
PID 2084 wrote to memory of 1780	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	33
PID 3012 wrote to memory of 2820	3012	Unicorn-25578.exe	36
PID 3012 wrote to memory of 2820	3012	Unicorn-25578.exe	36
PID 3012 wrote to memory of 2820	3012	Unicorn-25578.exe	36
PID 3012 wrote to memory of 2820	3012	Unicorn-25578.exe	36
PID 1780 wrote to memory of 2800	1780	Unicorn-10445.exe	35
PID 1780 wrote to memory of 2800	1780	Unicorn-10445.exe	35
PID 1780 wrote to memory of 2800	1780	Unicorn-10445.exe	35
PID 1780 wrote to memory of 2800	1780	Unicorn-10445.exe	35
PID 1792 wrote to memory of 2664	1792	Unicorn-11478.exe	34
PID 1792 wrote to memory of 2664	1792	Unicorn-11478.exe	34
PID 1792 wrote to memory of 2664	1792	Unicorn-11478.exe	34
PID 1792 wrote to memory of 2664	1792	Unicorn-11478.exe	34
PID 2084 wrote to memory of 1276	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	37
PID 2084 wrote to memory of 1276	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	37
PID 2084 wrote to memory of 1276	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	37
PID 2084 wrote to memory of 1276	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	37
PID 2800 wrote to memory of 2552	2800	Unicorn-48536.exe	39
PID 2800 wrote to memory of 2552	2800	Unicorn-48536.exe	39
PID 2800 wrote to memory of 2552	2800	Unicorn-48536.exe	39
PID 2800 wrote to memory of 2552	2800	Unicorn-48536.exe	39
PID 2820 wrote to memory of 2536	2820	Unicorn-28670.exe	38
PID 2820 wrote to memory of 2536	2820	Unicorn-28670.exe	38
PID 2820 wrote to memory of 2536	2820	Unicorn-28670.exe	38
PID 2820 wrote to memory of 2536	2820	Unicorn-28670.exe	38
PID 3012 wrote to memory of 1540	3012	Unicorn-25578.exe	40
PID 3012 wrote to memory of 1540	3012	Unicorn-25578.exe	40
PID 3012 wrote to memory of 1540	3012	Unicorn-25578.exe	40
PID 3012 wrote to memory of 1540	3012	Unicorn-25578.exe	40
PID 1780 wrote to memory of 796	1780	Unicorn-10445.exe	41
PID 1780 wrote to memory of 796	1780	Unicorn-10445.exe	41
PID 1780 wrote to memory of 796	1780	Unicorn-10445.exe	41
PID 1780 wrote to memory of 796	1780	Unicorn-10445.exe	41
PID 1276 wrote to memory of 1240	1276	Unicorn-14886.exe	42
PID 1276 wrote to memory of 1240	1276	Unicorn-14886.exe	42
PID 1276 wrote to memory of 1240	1276	Unicorn-14886.exe	42
PID 1276 wrote to memory of 1240	1276	Unicorn-14886.exe	42
PID 2664 wrote to memory of 540	2664	Unicorn-15672.exe	45
PID 2664 wrote to memory of 540	2664	Unicorn-15672.exe	45
PID 2664 wrote to memory of 540	2664	Unicorn-15672.exe	45
PID 2664 wrote to memory of 540	2664	Unicorn-15672.exe	45
PID 1792 wrote to memory of 1560	1792	Unicorn-11478.exe	44
PID 1792 wrote to memory of 1560	1792	Unicorn-11478.exe	44
PID 1792 wrote to memory of 1560	1792	Unicorn-11478.exe	44
PID 1792 wrote to memory of 1560	1792	Unicorn-11478.exe	44
PID 2084 wrote to memory of 2440	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	43
PID 2084 wrote to memory of 2440	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	43
PID 2084 wrote to memory of 2440	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	43
PID 2084 wrote to memory of 2440	2084	ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe	43
PID 2552 wrote to memory of 2864	2552	Unicorn-26378.exe	46
PID 2552 wrote to memory of 2864	2552	Unicorn-26378.exe	46
PID 2552 wrote to memory of 2864	2552	Unicorn-26378.exe	46
PID 2552 wrote to memory of 2864	2552	Unicorn-26378.exe	46

C:\Users\Admin\AppData\Local\Temp\ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe
"C:\Users\Admin\AppData\Local\Temp\ca2156b977beeaea085dc6ac780e033e46fbdcb56cb12baa60cf5b8fe89ec088N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25578.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55910.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46922.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        7⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        6⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        7⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        6⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        7⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        6⤵
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        5⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        5⤵
        
        PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        7⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        8⤵
        Program crash
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        7⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        7⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        7⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        5⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16170.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        5⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        5⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        5⤵
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        7⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        7⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        5⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        5⤵
        
        PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
      4⤵
      PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        5⤵
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        5⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        5⤵
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
      4⤵
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
    3⤵
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
    3⤵
    PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
    3⤵
    PID:3796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
    3⤵
    PID:6040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        7⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        7⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        6⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        7⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        6⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        6⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        7⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        5⤵
        Executes dropped EXE
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        5⤵
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
      4⤵
      PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        5⤵
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
        5⤵
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
      4⤵
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        6⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-448.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
      4⤵
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
      4⤵
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
      4⤵
      PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
      4⤵
      PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
    3⤵
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
      4⤵
      PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    3⤵
    PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
    3⤵
    PID:6088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        6⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        6⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
      4⤵
      PID:7132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
      4⤵
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4417.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
    3⤵
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
    3⤵
    PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
    3⤵
    PID:5916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12797.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        5⤵
        
        PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64322.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
      4⤵
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
      4⤵
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      4⤵
      PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
    3⤵
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
    3⤵
    PID:1340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      4⤵
      PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
      4⤵
      PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
    3⤵
    PID:5680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
    3⤵
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
    3⤵
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
    3⤵
    PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
    3⤵
    PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
    3⤵
    PID:5192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32024.exe
  2⤵
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
    3⤵
    PID:988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
  2⤵
  PID:3516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
  2⤵
  PID:4228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
  2⤵
  PID:928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
  2⤵
  PID:5556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe

Filesize
468KB

MD5
de47d41f4121ad3884bd8676d9e6274a

SHA1
778d33451a9c67dc9a53c5532baf242fab15821f

SHA256
7181d6e52e6bd1b02b07e43ca31bd2a6bc4f989aba5ad23a174cdc2816bee27c

SHA512
abfa3dabe06243ec5e3444686f08034a7fca9e3a20b9b97dd880d3c7bce5b6f877087fcc1ed32bb89afccc4956b22467705984421468f2bb6f5984d2ae8af399

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe

Filesize
468KB

MD5
95ac9a1adafd2affc6d31ab561aa75a1

SHA1
9d0e2470c319219f7ab525bb477f778aef9d51ee

SHA256
4e7dade7290ada17ad10e7accbb6f90bc8335cc637a691a4ca719747a1e0b4ca

SHA512
360f4defabadd035e9c806140fa43477444feb72a13b284b24a53954df90f8648dd6428b33bdc52d090e563769df86288c7fe5fcdd9c2d6224372cc295347786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe

Filesize
468KB

MD5
a6284f74c079134f76ff18a6a3c8e64c

SHA1
553f430d8e865c83e3a7f665dc6456a9d0e71bc6

SHA256
27e7a1376bbdeafab81611fb36fc3e345f8c5d693abcfd119f5f36e07a7141d9

SHA512
3649d5fcc7d04eac8fec4d410de4d98c4487e275003e5a40ed66413cd04a0ec547e0ef67a9696831005117749eaf89888cdfda39e3005863633963f20a90a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe

Filesize
468KB

MD5
7be74bccb599f53ad8b35989a7c86145

SHA1
6bbb53e3272390cf48600f2b9cc9c593ccc8e708

SHA256
f3f372c2751a401b8f0c19132d2ef2f8b3354d504e75a591f021025379fbfcd7

SHA512
d1ecae82aedfc6ce769aceaa3ff0b6aeeb1ac1b49f42e3a5aa1216bb8ea8dab42a627e3a4e1b2be5978ad5005dac0f746bbc65dc6727bb57236f9ef6c12edd71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40002.exe

Filesize
468KB

MD5
97ad0f0e2a34918b2d703b19d3481380

SHA1
ad9898c3e2f4bf9f877baa8ff8fd7a17a504d7ec

SHA256
c0d4c96eedd7bdcff38052f2465e2483a00a54fd44addbc26faeb6b97076d316

SHA512
d95ad0ed3812d4e69f918ca1ef3020c42ca8c470576fb728200ee1bf7320fe5dd31ed97b25a955354d735e9caecf9d4ade0c369c3e6e7ae37c780b95ed865aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6407.exe

Filesize
468KB

MD5
1eea11303e94b5f109e1c71d95867c3a

SHA1
006f65512aa5c6bd55eb3919475b4f62665175eb

SHA256
e6e7bfa42253a31eb57584ebafd82ec4ca03ee73251ec3ad5d57939da09f9ac0

SHA512
d31b5fb2dc5ac400aacccc1c2064e8ff0a2e645813460883763057b0bb3031b81e70f1c3b46d542f4a146ce1bd2e4610b3faba3fcd761c37e59caf5d271534b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe

Filesize
468KB

MD5
06cae75fb29d32b14f7e9ef7af0b8f1c

SHA1
9b46b2b8c63e4932e40426c0bc2374b62d4a641b

SHA256
c14ef86c7c579d406859a7a694e9b842215aa784033176f891d865590e86c615

SHA512
703ab43ddeb4f2134f4ff210a8cd2c42b1467bbb61fd378b8af8e0f964ddeab19b545cdbdc61dcf8436b0186817d994ff8f44f478cb8318429ab38288a76a498

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe

Filesize
468KB

MD5
c2abf12ef335205c8260be1128718a9d

SHA1
0433e0a491680348ec6e144e5007ff6c07126fb4

SHA256
f34c0915463730c67ac22dad9a5a87ae0f3bb15edebfd9f2c0ebf64f603c4447

SHA512
c338bac7ad0fb0f12374a6a86f0f1a220c5939f2b46e68dae0cafc2ef4f5635a48e79aa4ebd966dc99cae993c41dc8cf6f0dab728fa7e1ab7e5c23c2d468d61d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe

Filesize
468KB

MD5
2d41182a76bb2ba57965a9c9e438467c

SHA1
7e44dfa209d94ce2cb348bf6cfe7dacbed828676

SHA256
d6a1ca51f8150907e31a642863337aafa2fe708a1451ac769b6984a7284be697

SHA512
313e1c2cd957894edac8e2e8fab0a7a9a742253cc90f520349ecaf3d4a13da1dc7f0061d18b284d0b316218640b1248f029d5ce54e872720185a22d6d6c95bfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe

Filesize
468KB

MD5
938b5e9aa3b5f15c6f6f928f764043c1

SHA1
1055e83920ab19e36939c19765a5f84a05e80f90

SHA256
9ff2d6bf2c535d25a00f0117c6debd1998837ccf5c42d2b7d822dfc033087a3f

SHA512
28bb43b054640b1b907bed78c33274e8fb9c7df673bee0fdb1c13ec866032f53b21b42589893b843704fef58c02e56206c382fb1057965e3615efb8377c367c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe

Filesize
468KB

MD5
def5287dd5ddc6e53d7453148bb05e0b

SHA1
ff44e5f186ea7cc131f8cc1b5f23ee9842f9c452

SHA256
8fdc07123b6bf958d6f3fa4027db98a67d27e140b627c8a7a1f51b23be3ff88f

SHA512
79edcc4fda75e8e89a68e945a9e16fce3009528c28486151cf514232abca5e86267cae64dc04daf99ea89ef526ef9155682715df539f2e1df06be5727d4941cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe

Filesize
468KB

MD5
c169efc9024ed73e7288846156dc92ca

SHA1
7f20dc18ae239c05764ed4ccc6c3024ba086d033

SHA256
060a9ce59e1168a103f9ec97fdb2bbb5fb7781bd9fa10b6d648c9680f7a9de13

SHA512
268999c92b059da3b4730efb225214b2683b98f04ed53d9f3d698ab9929b82e56f42791232e6e832420ba2cdf10723c9934de249eb91876afaec3ff044fdd629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe

Filesize
468KB

MD5
c129284fc24c351f8f911bcdc0b25ca1

SHA1
1ca206782284c8a872cd5e1c751777c58c3b2164

SHA256
5c1446bfe2170aa4449cc4458ab45b4ee4b07a834cd4b95913d4194f103953cd

SHA512
f381e6d0f98ac8353b69b6ef88de005137c136d9bbd308074d4f25f847a2951aad8091152ce475e6214239af49caa289dcd9814b200787cb0457991026863d9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25578.exe

Filesize
468KB

MD5
fb198756c2163a884805d4a1027fc14a

SHA1
fde85eec08f83f8bb6e29f2bfe48114fa13337c7

SHA256
5cc507cab4a46ddb7f979d53ca82731158e216f8f139347bf12543521c2e933f

SHA512
d8b7988b8592ef33bea8a48339bfcc5c4467d7bbb74dc3a67fb003adaae3837eb214e57df1437aade13bb9f578856b1af9432c1da329bc47b6dd32b7a2d00af6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe

Filesize
468KB

MD5
0551086fae9a69ea73599cb6cc2ef317

SHA1
e1c2a45d00c616948c49c72f9c18b1119ce90760

SHA256
33fe23243f2d1c413c62293a599b3e8f43a634b59ad9ea28a1227a705b4076cd

SHA512
8ec065a1441c455fff508ec9af9a109c28958473d72bfd09eaba8f520dca4b86e9c4764ce14830c0d75f3a2f3fc0d7e9d9bb42d4ff428609618a620ec3111258

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe

Filesize
468KB

MD5
9918a3ca8ac77253847900daa42cbd63

SHA1
c6505d4bc26d1defcec912b924edceb310aa1b0d

SHA256
7c9934806f44fa08e80869d24bcc961f94554f9392e08ead4e7a10ef0be288eb

SHA512
86161ce3568808b14dfbb1ccfdf1c36b4cbc90b92cee56d35af52131105d456de6384b9c27c79084feed02cecb94e0615b49ee3d2f8994a8fafa4e1417aca94b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe

Filesize
468KB

MD5
4ec494deeda24edcff1bb89229a35626

SHA1
ef4792757dca636c6a1595c1de1cf024271637d6

SHA256
ca9c3ff83cc6ee0233f61cee7e7bda82d0b60d6dbf0f0206f3885f5ce9ada1cc

SHA512
20f374889ad8c4a2f624a09c493c5466d679e153a2e90eb2eb3ec037d3cdb2cd13ee28b8c74a5bc04afccfdb6dd9a3c1a53b98d439915d41ce763a5c97db5d81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe

Filesize
468KB

MD5
04cdaa4a1832ba7fabbfb60c8b9a3ea1

SHA1
cbda703b674b1f8b58e6ad7cdc6697350ce20efe

SHA256
49a961c7d52bdc4320dd0757f685fd4ffdebf81ee181c646f23cb1dbf87a376f

SHA512
423c05be2ad2018597f5e0eb715f2ec9a3176f46b834dc37891e90acc39e47b04f53e1a2e1ef3383f1e028ae7cf3ed15a9f415696cc7e399f13269f8aafd1d9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe

Filesize
468KB

MD5
008574a4be91a74da68bde8e7263cd36

SHA1
2c86514be1c84452d11cb1d3c317336a233ad40d

SHA256
ac72d92217392d2f633d06d8a107e9497f6d0b6b88a842db27a42dc2fac8f7c1

SHA512
70e0d11018c79c3882d1d7efc45a6b40db39a9134f988d9a07e1a7e3855de3ae5f1bf6878e8e681e8b431012f3943825f10c11325442e28cad1fe09295b2da31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe

Filesize
468KB

MD5
98adba667d096c14da8b5f50da52ec8e

SHA1
e8dc3404d0ed0e6afefb4791b1d07706fd87783a

SHA256
24e15cd577b9378e139a783a8da29cd5f304408026bdf851a3d63b861cfd9ebe

SHA512
0a9665ee0630ee2f1bc589fed9c65bcfcbb97e1933ad4ad8ea53cf5fbbbb77b99a7e70df04f5d1eeeceea9632dfd6aa0c4d6f7fbac1b2155fe0aaa5b507b2869

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe

Filesize
468KB

MD5
36dfbe1b0b89249da575f8213c8c21b5

SHA1
509e93b53167cd53c911f7f1acd9aa07c822418f

SHA256
a5e28baf006c3d18b77d4021950925b946b7a6e68b9b9dddccb1615b0cc02456

SHA512
5fd640cddf0583750682804fc7bfa46586417a2bf5e123eeda3b48f162a4ecf2139448274863b8d6683e8b50a6470d4a70b8916647bf30abbc5343ff3b3ef697

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe

Filesize
468KB

MD5
8343c7b71eb5ef879fdf75e535fb7917

SHA1
53ec9d35b3c47a1436dd533e463ccdf121322f89

SHA256
f29d2534c962400a2e80b6693eca46c59f3dee2f9a80f8c5039822b70a7453f1

SHA512
3f5b82a07cae37e889be9bde923b8bf8a4cf037415b62530bd7a79049f50c806a3a9be3d24e4f5950b81716c1956ca6ca7a37ccfc64b51b2695138e32b1a08fb

Download Submit