7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
Size

468KB
MD5

891b5ccb2dadd6581b9646024b8ac4a0
SHA1

750bfcd269a36dc74e3c2f52d12dcd9b55a6250f
SHA256

7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774
SHA512

b196bc4720d706b17b44a8671c51cbfdb821380a4209f7a7205150f60c9539a6e5cc5bb30648d6a9736ef63febc35711d423895d804b2668eb9120ca3166fa5d
SSDEEP

3072:Wud+ogdEIc5AHbY/zfjcff8wAaJBHpnXJEHCgdSD1aDLhDGD+Afc:WuwoE0AHczrcffnBV31aH1GD+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2300	Unicorn-34416.exe
264	Unicorn-20025.exe
2012	Unicorn-34738.exe
2900	Unicorn-31697.exe
2744	Unicorn-9230.exe
2656	Unicorn-15360.exe
2884	Unicorn-61032.exe
2668	Unicorn-52151.exe
2304	Unicorn-27382.exe
2332	Unicorn-27647.exe
1684	Unicorn-57579.exe
2036	Unicorn-37713.exe
2840	Unicorn-21377.exe
2604	Unicorn-35113.exe
2836	Unicorn-41243.exe
2264	Unicorn-43272.exe
1152	Unicorn-64844.exe
1940	Unicorn-53147.exe
2496	Unicorn-36562.exe
3064	Unicorn-28773.exe
2272	Unicorn-10390.exe
856	Unicorn-184.exe
1816	Unicorn-57288.exe
1144	Unicorn-49385.exe
1956	Unicorn-49385.exe
1368	Unicorn-8715.exe
912	Unicorn-8715.exe
2756	Unicorn-20413.exe
2084	Unicorn-51231.exe
2964	Unicorn-57361.exe
1156	Unicorn-33411.exe
772	Unicorn-55882.exe
1932	Unicorn-16748.exe
1576	Unicorn-52950.exe
2556	Unicorn-40314.exe
2164	Unicorn-4112.exe
2712	Unicorn-39544.exe
1748	Unicorn-36038.exe
2892	Unicorn-1319.exe
2800	Unicorn-8757.exe
2792	Unicorn-34008.exe
2420	Unicorn-53874.exe
2664	Unicorn-28721.exe
2612	Unicorn-28986.exe
2476	Unicorn-46069.exe
1092	Unicorn-397.exe
1464	Unicorn-18579.exe
2944	Unicorn-24710.exe
1108	Unicorn-24710.exe
2688	Unicorn-60896.exe
2004	Unicorn-16904.exe
1860	Unicorn-36770.exe
1864	Unicorn-36770.exe
768	Unicorn-55336.exe
1964	Unicorn-41600.exe
1328	Unicorn-55336.exe
2268	Unicorn-41046.exe
2188	Unicorn-41046.exe
2140	Unicorn-43267.exe
2356	Unicorn-5176.exe
448	Unicorn-27293.exe
2428	Unicorn-5804.exe
304	Unicorn-35867.exe
1556	Unicorn-52950.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2300	Unicorn-34416.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2300	Unicorn-34416.exe
264	Unicorn-20025.exe
264	Unicorn-20025.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2300	Unicorn-34416.exe
2012	Unicorn-34738.exe
2012	Unicorn-34738.exe
2300	Unicorn-34416.exe
2744	Unicorn-9230.exe
2744	Unicorn-9230.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2900	Unicorn-31697.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2900	Unicorn-31697.exe
2656	Unicorn-15360.exe
264	Unicorn-20025.exe
2656	Unicorn-15360.exe
264	Unicorn-20025.exe
2012	Unicorn-34738.exe
2300	Unicorn-34416.exe
2884	Unicorn-61032.exe
2012	Unicorn-34738.exe
2300	Unicorn-34416.exe
2884	Unicorn-61032.exe
2668	Unicorn-52151.exe
2668	Unicorn-52151.exe
2744	Unicorn-9230.exe
2304	Unicorn-27382.exe
2304	Unicorn-27382.exe
2744	Unicorn-9230.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2840	Unicorn-21377.exe
2840	Unicorn-21377.exe
2012	Unicorn-34738.exe
2012	Unicorn-34738.exe
2604	Unicorn-35113.exe
2604	Unicorn-35113.exe
2300	Unicorn-34416.exe
2300	Unicorn-34416.exe
2836	Unicorn-41243.exe
1684	Unicorn-57579.exe
2836	Unicorn-41243.exe
1684	Unicorn-57579.exe
2656	Unicorn-15360.exe
2656	Unicorn-15360.exe
2884	Unicorn-61032.exe
2884	Unicorn-61032.exe
2036	Unicorn-37713.exe
2036	Unicorn-37713.exe
264	Unicorn-20025.exe
2332	Unicorn-27647.exe
264	Unicorn-20025.exe
2332	Unicorn-27647.exe
2900	Unicorn-31697.exe
2900	Unicorn-31697.exe
2264	Unicorn-43272.exe
2264	Unicorn-43272.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3424	2612	WerFault.exe	74
3368	2960	WerFault.exe	106
3392	988	WerFault.exe	133
6900	2400	WerFault.exe	151

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9907.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
2300	Unicorn-34416.exe
264	Unicorn-20025.exe
2012	Unicorn-34738.exe
2900	Unicorn-31697.exe
2744	Unicorn-9230.exe
2656	Unicorn-15360.exe
2884	Unicorn-61032.exe
2668	Unicorn-52151.exe
2304	Unicorn-27382.exe
1684	Unicorn-57579.exe
2840	Unicorn-21377.exe
2836	Unicorn-41243.exe
2332	Unicorn-27647.exe
2036	Unicorn-37713.exe
2604	Unicorn-35113.exe
2264	Unicorn-43272.exe
1940	Unicorn-53147.exe
1152	Unicorn-64844.exe
2496	Unicorn-36562.exe
2272	Unicorn-10390.exe
3064	Unicorn-28773.exe
856	Unicorn-184.exe
1816	Unicorn-57288.exe
1956	Unicorn-49385.exe
1144	Unicorn-49385.exe
1368	Unicorn-8715.exe
912	Unicorn-8715.exe
2964	Unicorn-57361.exe
2084	Unicorn-51231.exe
2756	Unicorn-20413.exe
1156	Unicorn-33411.exe
772	Unicorn-55882.exe
1932	Unicorn-16748.exe
1576	Unicorn-52950.exe
2164	Unicorn-4112.exe
2556	Unicorn-40314.exe
2712	Unicorn-39544.exe
1748	Unicorn-36038.exe
2892	Unicorn-1319.exe
2792	Unicorn-34008.exe
2420	Unicorn-53874.exe
2800	Unicorn-8757.exe
2664	Unicorn-28721.exe
2612	Unicorn-28986.exe
2476	Unicorn-46069.exe
1092	Unicorn-397.exe
1108	Unicorn-24710.exe
2944	Unicorn-24710.exe
1464	Unicorn-18579.exe
2688	Unicorn-60896.exe
2004	Unicorn-16904.exe
1864	Unicorn-36770.exe
1860	Unicorn-36770.exe
1964	Unicorn-41600.exe
768	Unicorn-55336.exe
1328	Unicorn-55336.exe
2268	Unicorn-41046.exe
2188	Unicorn-41046.exe
2140	Unicorn-43267.exe
2356	Unicorn-5176.exe
448	Unicorn-27293.exe
2428	Unicorn-5804.exe
304	Unicorn-35867.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2300	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	30
PID 2440 wrote to memory of 2300	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	30
PID 2440 wrote to memory of 2300	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	30
PID 2440 wrote to memory of 2300	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	30
PID 2300 wrote to memory of 2012	2300	Unicorn-34416.exe	32
PID 2300 wrote to memory of 2012	2300	Unicorn-34416.exe	32
PID 2300 wrote to memory of 2012	2300	Unicorn-34416.exe	32
PID 2440 wrote to memory of 264	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	33
PID 2300 wrote to memory of 2012	2300	Unicorn-34416.exe	32
PID 2440 wrote to memory of 264	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	33
PID 2440 wrote to memory of 264	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	33
PID 2440 wrote to memory of 264	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	33
PID 264 wrote to memory of 2900	264	Unicorn-20025.exe	34
PID 264 wrote to memory of 2900	264	Unicorn-20025.exe	34
PID 264 wrote to memory of 2900	264	Unicorn-20025.exe	34
PID 264 wrote to memory of 2900	264	Unicorn-20025.exe	34
PID 2440 wrote to memory of 2744	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	35
PID 2440 wrote to memory of 2744	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	35
PID 2440 wrote to memory of 2744	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	35
PID 2440 wrote to memory of 2744	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	35
PID 2012 wrote to memory of 2656	2012	Unicorn-34738.exe	37
PID 2012 wrote to memory of 2656	2012	Unicorn-34738.exe	37
PID 2012 wrote to memory of 2656	2012	Unicorn-34738.exe	37
PID 2012 wrote to memory of 2656	2012	Unicorn-34738.exe	37
PID 2300 wrote to memory of 2884	2300	Unicorn-34416.exe	36
PID 2300 wrote to memory of 2884	2300	Unicorn-34416.exe	36
PID 2300 wrote to memory of 2884	2300	Unicorn-34416.exe	36
PID 2300 wrote to memory of 2884	2300	Unicorn-34416.exe	36
PID 2744 wrote to memory of 2668	2744	Unicorn-9230.exe	38
PID 2744 wrote to memory of 2668	2744	Unicorn-9230.exe	38
PID 2744 wrote to memory of 2668	2744	Unicorn-9230.exe	38
PID 2744 wrote to memory of 2668	2744	Unicorn-9230.exe	38
PID 2440 wrote to memory of 2304	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	39
PID 2440 wrote to memory of 2304	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	39
PID 2440 wrote to memory of 2304	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	39
PID 2440 wrote to memory of 2304	2440	7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe	39
PID 2900 wrote to memory of 2332	2900	Unicorn-31697.exe	40
PID 2900 wrote to memory of 2332	2900	Unicorn-31697.exe	40
PID 2900 wrote to memory of 2332	2900	Unicorn-31697.exe	40
PID 2900 wrote to memory of 2332	2900	Unicorn-31697.exe	40
PID 2656 wrote to memory of 1684	2656	Unicorn-15360.exe	41
PID 2656 wrote to memory of 1684	2656	Unicorn-15360.exe	41
PID 2656 wrote to memory of 1684	2656	Unicorn-15360.exe	41
PID 2656 wrote to memory of 1684	2656	Unicorn-15360.exe	41
PID 264 wrote to memory of 2036	264	Unicorn-20025.exe	42
PID 264 wrote to memory of 2036	264	Unicorn-20025.exe	42
PID 264 wrote to memory of 2036	264	Unicorn-20025.exe	42
PID 264 wrote to memory of 2036	264	Unicorn-20025.exe	42
PID 2012 wrote to memory of 2840	2012	Unicorn-34738.exe	43
PID 2012 wrote to memory of 2840	2012	Unicorn-34738.exe	43
PID 2012 wrote to memory of 2840	2012	Unicorn-34738.exe	43
PID 2012 wrote to memory of 2840	2012	Unicorn-34738.exe	43
PID 2300 wrote to memory of 2604	2300	Unicorn-34416.exe	44
PID 2300 wrote to memory of 2604	2300	Unicorn-34416.exe	44
PID 2300 wrote to memory of 2604	2300	Unicorn-34416.exe	44
PID 2300 wrote to memory of 2604	2300	Unicorn-34416.exe	44
PID 2884 wrote to memory of 2836	2884	Unicorn-61032.exe	45
PID 2884 wrote to memory of 2836	2884	Unicorn-61032.exe	45
PID 2884 wrote to memory of 2836	2884	Unicorn-61032.exe	45
PID 2884 wrote to memory of 2836	2884	Unicorn-61032.exe	45
PID 2668 wrote to memory of 2264	2668	Unicorn-52151.exe	46
PID 2668 wrote to memory of 2264	2668	Unicorn-52151.exe	46
PID 2668 wrote to memory of 2264	2668	Unicorn-52151.exe	46
PID 2668 wrote to memory of 2264	2668	Unicorn-52151.exe	46

C:\Users\Admin\AppData\Local\Temp\7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe
"C:\Users\Admin\AppData\Local\Temp\7009b9464a66507e95da6c911aaf0e17b41fe8cde682569db64fc9ff6b184774N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        7⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        8⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
        7⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        7⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
        7⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        7⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42904.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        5⤵
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        6⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44449.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60603.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1692.exe
      4⤵
      PID:7088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        7⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        6⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        5⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        6⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        
        PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      4⤵
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27886.exe
      4⤵
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        5⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
      4⤵
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        6⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        5⤵
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        5⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        
        PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      4⤵
      PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        5⤵
        
        PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15984.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      4⤵
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      4⤵
      PID:7560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      4⤵
      PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      4⤵
      PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
    3⤵
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
      4⤵
      PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
      4⤵
      PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
    3⤵
    PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
    3⤵
    PID:6908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        7⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        7⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        5⤵
        
        PID:6824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        7⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21052.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20413.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        7⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        7⤵
        Program crash
        
        PID:6900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        6⤵
        Program crash
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6121.exe
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        5⤵
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
      4⤵
      PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      4⤵
      PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
      4⤵
      PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        6⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        5⤵
        
        PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        5⤵
        
        PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        5⤵
        
        PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      4⤵
      PID:7640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
    3⤵
    PID:988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 224
      4⤵
      Program crash
      PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
    3⤵
    PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
    3⤵
    PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    3⤵
    PID:7248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        7⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        6⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        5⤵
        Executes dropped EXE
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        6⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        6⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        6⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
      4⤵
      PID:7320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        5⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15660.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        6⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18232.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
      4⤵
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        
        PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
      4⤵
      PID:6948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
      4⤵
      PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        5⤵
        Program crash
        
        PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        5⤵
        
        PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
      4⤵
      PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
      4⤵
      PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
      4⤵
      PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38591.exe
    3⤵
    PID:352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
    3⤵
    PID:6888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
        6⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        6⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        5⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        5⤵
        
        PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
      4⤵
      PID:7008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        5⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
      4⤵
      PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
    3⤵
    PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
      4⤵
      PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
      4⤵
      PID:6756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
    3⤵
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62447.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18537.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
      4⤵
      PID:8064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
    3⤵
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
    3⤵
    PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
    3⤵
    PID:7200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37381.exe
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
      4⤵
      PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
      4⤵
      PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30686.exe
    3⤵
    PID:284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
    3⤵
    PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
    3⤵
    PID:6352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
    3⤵
    PID:7548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
    3⤵
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
      4⤵
      PID:7028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27212.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
      4⤵
      PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      4⤵
      PID:7328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56499.exe
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
    3⤵
    PID:7864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3730.exe
  2⤵
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
    3⤵
    PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
    3⤵
    PID:8120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
  2⤵
  PID:4168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
  2⤵
  PID:928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
  2⤵
  PID:5968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
  2⤵
  PID:7208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe

Filesize
468KB

MD5
a6d5c984e4878594bbae2bfb56f95862

SHA1
516c01b77ab206bcd55bbad3063c757b881ca325

SHA256
8cf72a06c1178d8fd90b9a3ff0e5a48b90bfbf891b03ed5e6abe80a38c9dbdf0

SHA512
a0b68345d41cbb77358d0b6312fd938ce9296be2a4fa96d25670108c147959113ebd1ee77e8af214e4d22fabe9dbe0209be71f0106270ed9c6ed869f819d62d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe

Filesize
468KB

MD5
d8a2279107ea15eec592d0829890539d

SHA1
477c7b5f75e08ab2cea81d2e1f490fed07caa871

SHA256
c58ac538c47d51c9509d29a10b333a959547e8b12fbc381372c9d090d01b5207

SHA512
e13d241e93300706bd483643f1be11c0ec732c5907e338e67b40e32747d13e1135d11b161f82791bc70ebd003f3b033d7d27504303e46883b0776f2e4ada8d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe

Filesize
468KB

MD5
4ed7bfd3543418258ada52917f8770f3

SHA1
41a6a0eefd42c6c25f9755b9e36db3b32fd3c30c

SHA256
1fa8491d27b5ab303ffefcaf1445ee59e724c463433ec093053bb799c8946e11

SHA512
d5325bdc7a7df9ac72e95c4e7081f9837876aac693ddd2452d01ce4d5f7e9f61a1aeafd8fa91548337ce9c6ae492124bd98f84eeae6c369410e9355edab4f1e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31697.exe

Filesize
468KB

MD5
0db5143480864a62d686590f9e13a5e2

SHA1
240d0f281afb97086043d8d81b9c318c669a47dc

SHA256
4424f84fa88a3c27fbd9b78e5efe80e251e67a3c42e8198ac48f536b815aa455

SHA512
2afbd72f216fba63c6ed90ef4ccf412af270bc6c4bb32e527fdc6d41f34af69a4b5d4277a7e13596a7fcc379336afe42bb73da92a895220275d13782848afdde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe

Filesize
468KB

MD5
da67987863e349c1337d9b2d1df1199e

SHA1
55cd16409d3749b81e4ab13707c0cc207b532d2e

SHA256
9d1388bd3100c2be6aeaa1f0681f487796101cb0a6e6dc4e3d9afe02c2741842

SHA512
d112dd32e7b4919095c48e427ff55f95a358a3ae032c77c0ca369f5144a5a513b0ebabf03ebcf14f9c8883e6b5a5fa5753665761d73e9ef3e72368c4261085af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe

Filesize
468KB

MD5
4d0b3f62349f790a7cceb369f8152aa1

SHA1
f095ae140fae35e60194e271406f7bd36f0dddac

SHA256
60d5aa74bea2c5ec96c7db727e0cd4c2c0bc6dbd67c7ff73b3909cbb61f27ed1

SHA512
d384214d7d62cbd5ff1cc2e6060b1c5c5f5f8e1173a977689699e1d6c7e3fef9a48cdee7b0ae82f93d1bf57767f8a2a8a16bbfa608150a3b777db2018b9e0117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe

Filesize
468KB

MD5
4b3dcf0768204c62426367b41be7973b

SHA1
fbd6a20bf930059d6fd61ed98be6c9ca8e59fe81

SHA256
7b0e6d66d58c6e46019b36e0877980b52ac41fa87b3e2898fce20e6d047d834e

SHA512
0bcf9dafc6ef2a0e9c70acef949afb83b30d395c0bcbc632196f5b7040fa7be7b39e469e4037cf380772a123b7204047a3a1bb519930ea10cff01f87d1a73048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe

Filesize
468KB

MD5
91f5dd33b95b62a09418b26cfa5c42dd

SHA1
01cae45118369a74c985e6e01a4d36e9c7986092

SHA256
34d76f0d09f491fe4c53e66cff11d16aef629d5366d6d5e6e8742a1e7ab51bf7

SHA512
93f09114020b0dc898eecedcd6af063a163bc07f8d04019bebd48e3f08d19b644c56db1265bd9334304d3671590fe2be794a415f040ab05096facf659effe105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe

Filesize
468KB

MD5
ec4ee31af828937e644d0b2696f72741

SHA1
365daf7d938e23e30e04902f2374c62723fb0717

SHA256
344397659ab6fd0b51ac73651448d84c14b2a840520fed6e8b76725ae7f13c68

SHA512
31e4b815d5b53f841261970766e5f098c9a9283f7dff8fe4b87d445eed0ac0d8a7215092f3668be96fe8755bc0e92bd348e95ee90e8c528b4d8ceb58d4daab1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe

Filesize
468KB

MD5
13088997e1ad284b84a48f44c374afc7

SHA1
3d03f0bb6bde6140d89aa3645a81d33b1e9278a4

SHA256
94b2b6cd9d2fce8fac19d75b28ab81573f77bea410bb334cfddfa3dacc8580a8

SHA512
a97c0a867ef15764547eee8f460870649c22c9e87d8d08b9e2c7ac26b959b61884c02ae6c34585e3dc63ce9365913b801bf1d131d93e0ba60795c0a69e4a9d1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe

Filesize
468KB

MD5
ab2effc89e12defd29d1f404dacae78f

SHA1
289a1a9515dc93a677ef47927ba207bd418cb3f9

SHA256
0939a7c16aaadda79b302e178a8b57851193f3d65bf955cc0397c62834120ba9

SHA512
2fd45e704cdba68e0e8dbd373e98bb7b2efb9b1426b293daa46777c8025174ca41396bd6cb879b6f8acf675479884e47245b74b518edd1a609cdf90822ca6a0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe

Filesize
468KB

MD5
f88b2365e0704aa674a8cdc08ec3fabe

SHA1
b1cfb5e9d70dc84bd4760f601b2700cad8e9af94

SHA256
096e55a57cf92bd23d153f9e1868875d504373e026aa265b761a1fc86a3b1424

SHA512
83f7fb5ce12798ca6616abac15873eb02bd6be147b820cb1705eb53a01946c31056592ea3680f2ea0af63b3fd481311e9f5e00a1ee9a82428a3782ed8e37c341

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe

Filesize
468KB

MD5
05be3634f2add0ec09a006d29656090b

SHA1
cd6c3190a68998db6fbb7177d64c7fb132f45315

SHA256
1d461ee02b56f586333199ef971e9a71364eb0a186455fcd1e3eb226ca81bc15

SHA512
f4574697e4babc0748aea3182bc5d807ad91ef3c7fd707731fc042aaf03ecf34bc2cf0fb29db500b2ae3399a0c8324c20e22341502931a99f484138f5902d3f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe

Filesize
468KB

MD5
49d6a4db4870ba1a5279640b7fbee286

SHA1
d2498c5ec3283642f8f6bc4f06b7ef7b021e4557

SHA256
10f5d602f528734e754cc6249f0ea7fa73b871b38dfc6b7d163c57aab08cefca

SHA512
2928fe4a9031bc1578b386ee0d69def4b215d8d7c791ffe03ebf894d4ea589c32cb41f2fd16a224081981625cf7da5a09fee6031e52d66d6a81a209a874fbdb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe

Filesize
468KB

MD5
b97efca2366a3882992a30841bbe2966

SHA1
9b95f8895ca01e5b7cf749178a77cee747b99f11

SHA256
d35bb08cb7d1bceb2df913847d501d323b39781d7341726cbd0dd50724771f65

SHA512
1fc6ffd2d00a54b0511ad5b6e83342a9665064aed7afd8f91fafebbc9e8cb0ac2e20d2ace175693c63a0153a3d9e3707e3be27d254741620cf48e36d43c2915b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe

Filesize
468KB

MD5
ca90509d9b1b976fda2655eec02c1f11

SHA1
2d2d1a897ee794943c1a1a5e27e327c1669189af

SHA256
fb0f1e9f714d592ad9a798873230d45e137f61a3c2d0d067a0f12739e6837547

SHA512
2c470fd09c5bf4775eef32af598baf956ba8d514018355d1d3c8f4c1a5166b61134e9e0c51e3dbf7953e9164d28a757a45e07bb3d5919ac30f419fd50b36586f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe

Filesize
468KB

MD5
469e55e840047be23776375ca755d3ca

SHA1
b6517e1930953844cf580cb8468bbbe4bc209cbd

SHA256
493dcb60e4c2a0b3becdca1f0966b37bbb8e206a1b036fb64b52c60b11b185e0

SHA512
93206c2bab72de2251c57f284dcb0c01120cf52f6ebc82ef021808ff2fe43876eace0aa532f97d031ff7b38f8a293bdfa99da02a2058253cb63eb05b9a58153c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe

Filesize
468KB

MD5
789d6a890153231b75553153089d58fe

SHA1
e170b0085516e95df43fb64b716491f2f88bd5fd

SHA256
762fdecd3e38d779ecb0e00169f17efb8d31b75664f0aa392d2b3f8dddc80f2c

SHA512
9f19f2a9385caf662d1e8a804a7129293cbb4897da3ba2053e54949843159e674fbe74c2d35bb5659569329d2f8102256e3100e0677b2e69b623d3bb8d2f7c51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe

Filesize
468KB

MD5
500ec66a52ce148610f4d712bf35b279

SHA1
50a04b9827453029ae7e671a77c73e386718d9d5

SHA256
36966411fe74c327191f1a47872123f55075aaa9898d467af952c64632e11a16

SHA512
b6c28dfbc8098f5214741bc29fecf8de4cb4592bdde20aebaea7e77f9da1a827e4cbae2d62eb847b3702b22c9bd785aaa41a161118f99a58c5cb659821271b68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe

Filesize
468KB

MD5
17446ef5879614ab66af5463c1f5511e

SHA1
cdeea1e3d38b7b776942ae011adbe229f296de95

SHA256
89881ee55cd495d836e6e9ded8f7ddf4044fde8a205f8ef7cf739b21501c926f

SHA512
b9903a3f5d5976d2c374d245079a5a64f0eeaa32b5e4b455f697d34afd44c1cdab7f9c5d7088b77d66cb1554d977c1527365238c78e6177de8e35ac0683d625c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe

Filesize
468KB

MD5
80a6944cd5280fe3c6d0d56b93d9419a

SHA1
432869aebc51ca584c79462fc3d084115f4b3663

SHA256
852d647abcd945d1ec0848d0f77e1c590ff10cb6e751b9beb0910f43a09c2eaf

SHA512
81d261de7b54666eeb91a817027dd10f815d2099e8272939b1338870db67b213e224900a9e906349c073ebe06744690c08f46f0c66323ff325d82559525151a8

Download Submit