033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
Size

468KB
MD5

c5086158e695a3ff0debfb75e4414b97
SHA1

aa4dd666406b9c90bd1eba4172bad69d9b10380d
SHA256

033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415
SHA512

02b3df38eb6b02c7aebcae583dfac96c06a88a166c871128c00d094d8a16271e28f972f072c7e031f8bd953907a118e599c72bf225f63eba72c39d260ffce936
SSDEEP

3072:XMeKoge8Iw5etbYWPzBWbfD/ECLwTIp9QmHeQVYz7vCL66Xusgl6:XMrobgetlP1Wbfu0kZ7vENXus

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2816	Unicorn-40657.exe
2696	Unicorn-61160.exe
2784	Unicorn-49463.exe
2608	Unicorn-25328.exe
2584	Unicorn-29966.exe
2092	Unicorn-35233.exe
1968	Unicorn-49832.exe
2032	Unicorn-46599.exe
3024	Unicorn-32763.exe
2260	Unicorn-62743.exe
2944	Unicorn-3328.exe
2336	Unicorn-61928.exe
2832	Unicorn-15991.exe
1740	Unicorn-16257.exe
2376	Unicorn-28208.exe
1772	Unicorn-28762.exe
1776	Unicorn-7595.exe
1948	Unicorn-44444.exe
1600	Unicorn-4087.exe
1008	Unicorn-11248.exe
888	Unicorn-12639.exe
1896	Unicorn-18761.exe
1392	Unicorn-41228.exe
1928	Unicorn-14585.exe
1904	Unicorn-45047.exe
1520	Unicorn-58119.exe
2308	Unicorn-12447.exe
336	Unicorn-11685.exe
2316	Unicorn-41420.exe
2292	Unicorn-51212.exe
1048	Unicorn-53371.exe
2476	Unicorn-19115.exe
2240	Unicorn-38981.exe
2852	Unicorn-16157.exe
2716	Unicorn-24591.exe
2756	Unicorn-25145.exe
2660	Unicorn-45011.exe
2856	Unicorn-59301.exe
2692	Unicorn-43449.exe
2600	Unicorn-6500.exe
1292	Unicorn-53655.exe
752	Unicorn-54118.exe
2536	Unicorn-64253.exe
2820	Unicorn-56640.exe
2112	Unicorn-10968.exe
1152	Unicorn-31124.exe
680	Unicorn-662.exe
2020	Unicorn-17553.exe
1012	Unicorn-37419.exe
1732	Unicorn-53526.exe
1840	Unicorn-5094.exe
2188	Unicorn-52157.exe
920	Unicorn-1565.exe
2484	Unicorn-42619.exe
1076	Unicorn-11130.exe
784	Unicorn-1586.exe
1496	Unicorn-62939.exe
1040	Unicorn-18477.exe
1872	Unicorn-29106.exe
1512	Unicorn-49526.exe
2896	Unicorn-5478.exe
2928	Unicorn-33766.exe
652	Unicorn-13900.exe
2428	Unicorn-11107.exe

Loads dropped DLL 64 IoCs

pid	Process
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2816	Unicorn-40657.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2816	Unicorn-40657.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2696	Unicorn-61160.exe
2696	Unicorn-61160.exe
2816	Unicorn-40657.exe
2816	Unicorn-40657.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2784	Unicorn-49463.exe
2784	Unicorn-49463.exe
2608	Unicorn-25328.exe
2608	Unicorn-25328.exe
2696	Unicorn-61160.exe
2696	Unicorn-61160.exe
2584	Unicorn-29966.exe
2816	Unicorn-40657.exe
2584	Unicorn-29966.exe
2816	Unicorn-40657.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2784	Unicorn-49463.exe
2784	Unicorn-49463.exe
1968	Unicorn-49832.exe
1968	Unicorn-49832.exe
1000	WerFault.exe
1000	WerFault.exe
1000	WerFault.exe
1000	WerFault.exe
1000	WerFault.exe
1000	WerFault.exe
1000	WerFault.exe
2032	Unicorn-46599.exe
2032	Unicorn-46599.exe
2608	Unicorn-25328.exe
2608	Unicorn-25328.exe
3024	Unicorn-32763.exe
3024	Unicorn-32763.exe
2696	Unicorn-61160.exe
2696	Unicorn-61160.exe
2260	Unicorn-62743.exe
2260	Unicorn-62743.exe
2584	Unicorn-29966.exe
2584	Unicorn-29966.exe
2336	Unicorn-61928.exe
2336	Unicorn-61928.exe
2784	Unicorn-49463.exe
2784	Unicorn-49463.exe
2944	Unicorn-3328.exe
2944	Unicorn-3328.exe
2816	Unicorn-40657.exe
2816	Unicorn-40657.exe
1740	Unicorn-16257.exe
1740	Unicorn-16257.exe
1968	Unicorn-49832.exe
1968	Unicorn-49832.exe
2832	Unicorn-15991.exe
2832	Unicorn-15991.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2376	Unicorn-28208.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1000	2092	WerFault.exe	35
2464	1872	WerFault.exe	89

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17486.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
2816	Unicorn-40657.exe
2696	Unicorn-61160.exe
2784	Unicorn-49463.exe
2608	Unicorn-25328.exe
2584	Unicorn-29966.exe
2092	Unicorn-35233.exe
1968	Unicorn-49832.exe
2032	Unicorn-46599.exe
3024	Unicorn-32763.exe
2260	Unicorn-62743.exe
2944	Unicorn-3328.exe
2336	Unicorn-61928.exe
2832	Unicorn-15991.exe
1740	Unicorn-16257.exe
2376	Unicorn-28208.exe
1772	Unicorn-28762.exe
1776	Unicorn-7595.exe
1948	Unicorn-44444.exe
1600	Unicorn-4087.exe
1008	Unicorn-11248.exe
888	Unicorn-12639.exe
1392	Unicorn-41228.exe
1896	Unicorn-18761.exe
1928	Unicorn-14585.exe
2308	Unicorn-12447.exe
1520	Unicorn-58119.exe
1904	Unicorn-45047.exe
336	Unicorn-11685.exe
2316	Unicorn-41420.exe
1048	Unicorn-53371.exe
2292	Unicorn-51212.exe
2240	Unicorn-38981.exe
2476	Unicorn-19115.exe
2852	Unicorn-16157.exe
2716	Unicorn-24591.exe
2756	Unicorn-25145.exe
2660	Unicorn-45011.exe
2856	Unicorn-59301.exe
2600	Unicorn-6500.exe
2692	Unicorn-43449.exe
1292	Unicorn-53655.exe
752	Unicorn-54118.exe
2820	Unicorn-56640.exe
2112	Unicorn-10968.exe
1152	Unicorn-31124.exe
680	Unicorn-662.exe
2536	Unicorn-64253.exe
1012	Unicorn-37419.exe
2020	Unicorn-17553.exe
1732	Unicorn-53526.exe
2188	Unicorn-52157.exe
920	Unicorn-1565.exe
1840	Unicorn-5094.exe
2484	Unicorn-42619.exe
1076	Unicorn-11130.exe
1496	Unicorn-62939.exe
1040	Unicorn-18477.exe
1872	Unicorn-29106.exe
784	Unicorn-1586.exe
1512	Unicorn-49526.exe
2896	Unicorn-5478.exe
652	Unicorn-13900.exe
2928	Unicorn-33766.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2816	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	30
PID 1364 wrote to memory of 2816	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	30
PID 1364 wrote to memory of 2816	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	30
PID 1364 wrote to memory of 2816	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	30
PID 2816 wrote to memory of 2696	2816	Unicorn-40657.exe	31
PID 2816 wrote to memory of 2696	2816	Unicorn-40657.exe	31
PID 2816 wrote to memory of 2696	2816	Unicorn-40657.exe	31
PID 2816 wrote to memory of 2696	2816	Unicorn-40657.exe	31
PID 1364 wrote to memory of 2784	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	32
PID 1364 wrote to memory of 2784	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	32
PID 1364 wrote to memory of 2784	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	32
PID 1364 wrote to memory of 2784	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	32
PID 2696 wrote to memory of 2608	2696	Unicorn-61160.exe	33
PID 2696 wrote to memory of 2608	2696	Unicorn-61160.exe	33
PID 2696 wrote to memory of 2608	2696	Unicorn-61160.exe	33
PID 2696 wrote to memory of 2608	2696	Unicorn-61160.exe	33
PID 2816 wrote to memory of 2584	2816	Unicorn-40657.exe	34
PID 2816 wrote to memory of 2584	2816	Unicorn-40657.exe	34
PID 2816 wrote to memory of 2584	2816	Unicorn-40657.exe	34
PID 2816 wrote to memory of 2584	2816	Unicorn-40657.exe	34
PID 1364 wrote to memory of 2092	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	35
PID 1364 wrote to memory of 2092	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	35
PID 1364 wrote to memory of 2092	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	35
PID 1364 wrote to memory of 2092	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	35
PID 2784 wrote to memory of 1968	2784	Unicorn-49463.exe	36
PID 2784 wrote to memory of 1968	2784	Unicorn-49463.exe	36
PID 2784 wrote to memory of 1968	2784	Unicorn-49463.exe	36
PID 2784 wrote to memory of 1968	2784	Unicorn-49463.exe	36
PID 2608 wrote to memory of 2032	2608	Unicorn-25328.exe	37
PID 2608 wrote to memory of 2032	2608	Unicorn-25328.exe	37
PID 2608 wrote to memory of 2032	2608	Unicorn-25328.exe	37
PID 2608 wrote to memory of 2032	2608	Unicorn-25328.exe	37
PID 2696 wrote to memory of 3024	2696	Unicorn-61160.exe	38
PID 2696 wrote to memory of 3024	2696	Unicorn-61160.exe	38
PID 2696 wrote to memory of 3024	2696	Unicorn-61160.exe	38
PID 2696 wrote to memory of 3024	2696	Unicorn-61160.exe	38
PID 2092 wrote to memory of 1000	2092	Unicorn-35233.exe	40
PID 2092 wrote to memory of 1000	2092	Unicorn-35233.exe	40
PID 2092 wrote to memory of 1000	2092	Unicorn-35233.exe	40
PID 2092 wrote to memory of 1000	2092	Unicorn-35233.exe	40
PID 2584 wrote to memory of 2260	2584	Unicorn-29966.exe	39
PID 2584 wrote to memory of 2260	2584	Unicorn-29966.exe	39
PID 2584 wrote to memory of 2260	2584	Unicorn-29966.exe	39
PID 2584 wrote to memory of 2260	2584	Unicorn-29966.exe	39
PID 2816 wrote to memory of 2944	2816	Unicorn-40657.exe	41
PID 2816 wrote to memory of 2944	2816	Unicorn-40657.exe	41
PID 2816 wrote to memory of 2944	2816	Unicorn-40657.exe	41
PID 2816 wrote to memory of 2944	2816	Unicorn-40657.exe	41
PID 1364 wrote to memory of 2832	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	42
PID 1364 wrote to memory of 2832	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	42
PID 1364 wrote to memory of 2832	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	42
PID 1364 wrote to memory of 2832	1364	033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe	42
PID 2784 wrote to memory of 2336	2784	Unicorn-49463.exe	43
PID 2784 wrote to memory of 2336	2784	Unicorn-49463.exe	43
PID 2784 wrote to memory of 2336	2784	Unicorn-49463.exe	43
PID 2784 wrote to memory of 2336	2784	Unicorn-49463.exe	43
PID 1968 wrote to memory of 1740	1968	Unicorn-49832.exe	44
PID 1968 wrote to memory of 1740	1968	Unicorn-49832.exe	44
PID 1968 wrote to memory of 1740	1968	Unicorn-49832.exe	44
PID 1968 wrote to memory of 1740	1968	Unicorn-49832.exe	44
PID 2032 wrote to memory of 2376	2032	Unicorn-46599.exe	45
PID 2032 wrote to memory of 2376	2032	Unicorn-46599.exe	45
PID 2032 wrote to memory of 2376	2032	Unicorn-46599.exe	45
PID 2032 wrote to memory of 2376	2032	Unicorn-46599.exe	45

C:\Users\Admin\AppData\Local\Temp\033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe
"C:\Users\Admin\AppData\Local\Temp\033127106c6a2a584af4dac525e982cebf25c4a90f0ade6d960ca39e887f8415.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        7⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14707.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50770.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45199.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        6⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31436.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        7⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        6⤵
        
        PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        6⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        7⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        7⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
        6⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        5⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        6⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11622.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24555.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        5⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
      4⤵
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
      4⤵
      PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        8⤵
        Program crash
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30429.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        7⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        6⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18040.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        7⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        6⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        6⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        5⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
      4⤵
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
      4⤵
      PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
      4⤵
      PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
      4⤵
      PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        6⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        6⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        5⤵
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51554.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
      4⤵
      PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
      4⤵
      PID:6352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11130.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23517.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
      4⤵
      PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
    3⤵
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
    3⤵
    PID:3480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
    3⤵
    PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37305.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        6⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3838.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45364.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
      4⤵
      Executes dropped EXE
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        5⤵
        
        PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
      4⤵
      PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10242.exe
      4⤵
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
      4⤵
      PID:6968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
        6⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46630.exe
        5⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5177.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14961.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
      4⤵
      PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        5⤵
        
        PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
      4⤵
      PID:6956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
      4⤵
      PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9435.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
      4⤵
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
    3⤵
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1646.exe
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16249.exe
      4⤵
      PID:6508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
    3⤵
    PID:5236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
    3⤵
    PID:6292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22683.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
      4⤵
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50865.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15823.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        5⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      4⤵
      PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
      4⤵
      PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
    3⤵
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
      4⤵
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2641.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
      4⤵
      PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35182.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
    3⤵
    PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
    3⤵
    PID:5924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
      4⤵
      PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
      4⤵
      PID:5840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
    3⤵
    PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26125.exe
    3⤵
    PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63633.exe
    3⤵
    PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62961.exe
    3⤵
    PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
    3⤵
    PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
    3⤵
    PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
    3⤵
    PID:6376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
  2⤵
  PID:3184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
  2⤵
  PID:3592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
  2⤵
  PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
  2⤵
  PID:5464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
  2⤵
  PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe

Filesize
468KB

MD5
44e7a6f3e790127a938d4d1340fa193c

SHA1
7935d7606ef1bb162ae78612493f5a20f1e404f9

SHA256
9cfc4907322e575f483f3785111df907b7e30fd9e1aba35a944cbdda8aa02ffa

SHA512
dc7462d7c1c362858dd6583d711b51665964b6b42877fdc1c2058baf95b421d1b37bd18134aa8c59cc251ad1eec8d2a09b96eb1f4da765013e18fa5995b3718d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe

Filesize
468KB

MD5
728922931842327c8e27ea2e56c9c0a2

SHA1
204d072d0e3a9b56df0975bfeaa969a52d46a638

SHA256
2a2e5aae5bdb20f1012a98ea6983204cb7e3636ef427ff91f1a18dfddf9b08bf

SHA512
a9e18942d89c04f57d31f97665962fb88606d5f8117dbfd6b9b26bede6b7b015617510559808019e2be474adef0789300a68d93ae51a718fd30fa8411897eea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe

Filesize
468KB

MD5
38aff533ab78fc2b5e5f6e1d96797648

SHA1
8abe3f59bc440b2f3ca99c5d90f4e0aae96faa20

SHA256
09c3595200efe1f02a917cca58828c0791f42eaf7abf3845377645a9f240c0c7

SHA512
2c1b3d90274de44b9646664c6e19ffdff44ba160ba73230cd0491bee14a9e2bfbd86c4ab49fd16cda7fe228bafe9e2eda93f3c0764a01a1d636a7552fb60f721

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe

Filesize
468KB

MD5
36aae7f0529b88ce4127990411086515

SHA1
368daafb9188520db08454ff645c366048974116

SHA256
0e7df532456ccc37cfd9e6169237ab13ff0211355dcc66b03162ab09ffb7a316

SHA512
d2864aadd16e23ba1691b04cba71ed481c8b5812349d107236c5a602bd34b97667a32c68f0d10e529f9dd7a0b02311229e45fe28833352c786c99a3dda12bab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe

Filesize
468KB

MD5
9f82a1c22160f0430c756bc7edbcad77

SHA1
fd8ef19e4c25d200245cfdd29391df3916e849a6

SHA256
4bfb99596995315d0e42b8f3f769d172074f10318bd9802569a2fadd1cc827de

SHA512
5759bfd098878990f60e0df74127e640e6a37fb2ad2a3d874cb21d520d7c159f194576d791ca14c4ee92eae90e7c807c0a9f04a5b88dd57611fb93b288de177c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe

Filesize
468KB

MD5
f62739820c17bdaf2c85d495bf84e3f8

SHA1
3f0476f486e4c124a7fe4896fd58349b3fe03051

SHA256
0955d0b4ed5791c5910e9c78081740772447b88a795ca763fd6c7c669c932f9c

SHA512
2c523ef415bc658f2b25c7bd787d6532219757bd0fdf3b7e960edad8999db89d235f2aaf333798f8274278e8a877f30670a9ccc42ff937ed20f3586fba425f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe

Filesize
468KB

MD5
4fd4491630479d2505dcaf948acbd611

SHA1
12f06da2c362856687e77d197266e64e2e4e8726

SHA256
f834345868b4155b098f57d69a1f955be319fe44a12f0e5af10181c6cc404871

SHA512
fcf7e86255b43884d69ae29d28039d33622f786b1ae2194ca4dca5a24cf8e560db1a229c44c0f321b835d397344602fcf8e5909dac55902cc3cdb842f54e9b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe

Filesize
468KB

MD5
5d07a8867aab7603dc170bba46e86ea0

SHA1
cbddae2e28ee4596d699aa09d339c9dbca0163f3

SHA256
1bdf6e068c2160935c0e5d7198fddafe98244bff65502295144106866cf50974

SHA512
2ca43ae929e2780d9ffcd179c5ef4e73b4153858c8ec57980c6aad50c22f07864b0bc7da2befcc8550b851e61e218f990829bcfa4531cfee7559de4047b0f5e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe

Filesize
468KB

MD5
fcdfe08b1ff6a1ea3fb580a3d5d95010

SHA1
e6e57054b4c69ae7f768e6aa3eea04f0effe5a18

SHA256
a01bfee8fd8e503f2e6976de697673d1c3c510e3222112cd5a74d32d3185fcc9

SHA512
738cbc9eb4e786b7cec6f1efee04b88054d9db4e3e57a898c01bc291a60e7097c3180c7e9a7d35edf1b88d345a991c0857a0ea1051201fd2a2c6c5d052f60f18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe

Filesize
468KB

MD5
8c7df8dabe4a7f21133db81a367c26fc

SHA1
c1f42d4b22c383a2e9bdbd8dac9d228e7862b6c8

SHA256
c530a853d07686d055598a174e5412c89f8b78aa42a216a74176290b4b72e9c3

SHA512
ca3034fb3893d374e0d8de7bc51f46601fbee7cafee3775523d0daebec2a886edf81e10e7a53322b00a86b9bc09eca9bed1ec0a564d2c6a951f6d46a8470a625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe

Filesize
468KB

MD5
e6b2333024cbe6e969ba978fc6179d89

SHA1
346ab2263473156661dacd2a6ff050ea70433be7

SHA256
fb2dfd111c0beb5720a62f66c618a8ae407d57c5a15fb9474b695942734c7b02

SHA512
0a7744aca01a5da0cbed379f44bd18e74b66c8d6991db6853fd9b31c61e7824255b95b78725503282aa8c9b8ad1be530b123bb03c925e4066745eec7ae8b5efc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32763.exe

Filesize
468KB

MD5
9f09e45c923f864cae5a4a4c4267c2d8

SHA1
cbad691cb681f83d78a32da5a67ce6e9b1ed79c0

SHA256
b5acdd6080f3bf7b0db6e449b29372e914c23847c3eca56d5a7b68d20f695fe3

SHA512
e9ffb04c4cfb20a9999b89468b77d32bebc94cababaaceae562288ea6ff5501fd4790fdf84fb10690292754e9f783db363f8a1d01f0fb6951fbba1e3fe473901

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe

Filesize
468KB

MD5
7a10da249ecb71d3df97b29dce654ef4

SHA1
ee4a0161145d17b1f1904d482cf8a7cd983d7957

SHA256
7f934c1ba35c4faffc30a7cc5bca8ec95a8de0e6507643ebc8db82dd1b28b9c4

SHA512
4d5710e7e4c5077671345297a2f8edd777f7e433bc1dc67c48d713efb53c304a42d571b2b430cb4f4350155e0686f704cf1c2e4d6d40e6e942d0183b795510a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe

Filesize
468KB

MD5
e40b1a20887b47c6ad73ae05f30db84d

SHA1
7a0b33f5a5951760fd08e590b5a0e415934a51a1

SHA256
4bbd8d2f113909f65a29bfd5d0162562c3c30b89865a936540378349b10ec6f6

SHA512
87341049b0a19c3978f4789dd6831d524c127c1a6c1f8eca65b0a293119e5736143093a89782b9631dd1287494a2a203882d56a60b86ebd3dc2edda46bad1c98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe

Filesize
468KB

MD5
ce69232703130d1f27c15b82ab604861

SHA1
692024b5b4cc17ce99374083f7f20aaa18403008

SHA256
f20a2ed4498778eec4b121b1ffa2fa3f6a3e5af2587da49bae392cc93f48d851

SHA512
6818edf86e453975249dc838bcb756cb8ecc608a7304a493749edb29bf5f98ae816fd022f3b7b75343758177ee380d40dfcb7c813fef099d3d94671111f28c16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe

Filesize
468KB

MD5
a0ce9f39af0baaa684b9bb8228630f5b

SHA1
9b7170a9bb9c9a42ffe9996a664f92983e607f4e

SHA256
1baee5d7c127775633a5c949726649e9683591e4f8fbe233cf66251c18de9939

SHA512
42116d32b7e54334e8d74f6e3791e18f5a7f5c236430bf80dcde76e5e5e7a08ee8d8f08f13a7fd9800be6895e6a8af33afb2880df7269e33fd9257a9f3b75fc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe

Filesize
468KB

MD5
cee4c6395ba385631edacbe4f0901bba

SHA1
421bb1a057240a805fc35252baec412c96f43467

SHA256
71b2cac2c801bdf8a016f16e7cf31b98cbfd35f42bf9cb3d9ac6e774d0d9b092

SHA512
4e3a7f58e121379cabb46b853be9e5bf8bf2dc19755d5153efdd7d8571a874fccf34eb7efd87c9a89cd8b10df5a828beee15056ab4d205f33546b854e188e8e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe

Filesize
468KB

MD5
c30d7e55a6d8c85fa4d9085767304c3f

SHA1
65fc9f63dbd2409b68d77c2cfb54d32bf4cc8e63

SHA256
18700b02269f9bac788cce915528ee206407a4316c478bc3fec13f6a80e30121

SHA512
ac5cd1c76fb640c51fbd3bf79bed00ec50f3548a10a68bc77e28c0c52ba87c23c674d1cd9bfdb312b0223db33a865f6369e2dd4f584c58bd01dde7d41ba92b04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62743.exe

Filesize
468KB

MD5
de02f6b5e2d781ace003dc05f524b8e7

SHA1
cc531ea23a991c2ccee1c790c4a6c6e47d1cb67c

SHA256
cc3ef2ba708bf0e88b07db6c7babacb9aa18d3e93eb850193013840b948b0474

SHA512
3b9102c344997f2abee448e303062dd38c640c027696e53a504253682a6594b423dd2281f66f737b4e4e6d4b3ebdc86a397f7de5bd093e9bcb2c48f578124ec7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe

Filesize
468KB

MD5
b143617205a8c6a2d38f529920d9421c

SHA1
e84180b97479b48e069008ac2dce1a30923e9866

SHA256
013af8dfe8d362f32b3393263c78b2c2492c9971dfb2a382325f682adaee0464

SHA512
5f70e4a92ece39160ec9c578200efe1d7ce8241d96ba2b7c152cdd1af4512651c5a57ad10abe85c0e1e1bdd6ab7c6cd6292b5161ed1aee9047f22a7b34b0db66

Download Submit