06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190a

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
Size

468KB
MD5

c2ad09f0badec55635420bf23399e130
SHA1

765bf3452f2e210997feeb2a73c5a6267a882e8a
SHA256

06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190a
SHA512

cd81ac99e571b30af355f56caba33bc0df3a309bb3976963edcb870ffda147f1da2bf1743629e1aa381fee628af862ad7abcddba66b3ebb54a862df4b2136333
SSDEEP

3072:MTANoSCVId5UtbY2Pztjcf8/SCMvPgpwVmHeevsMPKD8L7yaQ8lT:MTqoQbUtlPJjcfbcQePKwXyaQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2444	Unicorn-52197.exe
2876	Unicorn-23692.exe
2732	Unicorn-63141.exe
2932	Unicorn-41180.exe
1908	Unicorn-49903.exe
2460	Unicorn-26196.exe
2464	Unicorn-4314.exe
2124	Unicorn-35041.exe
2848	Unicorn-14520.exe
848	Unicorn-785.exe
2852	Unicorn-23173.exe
1248	Unicorn-53634.exe
2704	Unicorn-2415.exe
832	Unicorn-18752.exe
1512	Unicorn-64423.exe
376	Unicorn-15990.exe
1604	Unicorn-31772.exe
1708	Unicorn-25550.exe
2904	Unicorn-50146.exe
540	Unicorn-21200.exe
2236	Unicorn-10967.exe
952	Unicorn-17744.exe
320	Unicorn-37610.exe
2300	Unicorn-18373.exe
2528	Unicorn-54714.exe
652	Unicorn-51953.exe
3044	Unicorn-30786.exe
2100	Unicorn-57983.exe
524	Unicorn-28648.exe
284	Unicorn-20480.exe
1848	Unicorn-20214.exe
1692	Unicorn-51761.exe
2700	Unicorn-16950.exe
2416	Unicorn-36816.exe
2752	Unicorn-16295.exe
2736	Unicorn-22426.exe
3008	Unicorn-12211.exe
2916	Unicorn-3951.exe
2968	Unicorn-29831.exe
2016	Unicorn-39316.exe
1944	Unicorn-16204.exe
2592	Unicorn-10749.exe
2064	Unicorn-48667.exe
1636	Unicorn-61574.exe
2004	Unicorn-5596.exe
1724	Unicorn-48682.exe
2424	Unicorn-65103.exe
1128	Unicorn-62342.exe
1096	Unicorn-6364.exe
2192	Unicorn-20654.exe
620	Unicorn-57511.exe
676	Unicorn-18617.exe
1304	Unicorn-49898.exe
2120	Unicorn-8865.exe
2440	Unicorn-18516.exe
1816	Unicorn-55373.exe
1660	Unicorn-697.exe
2500	Unicorn-33369.exe
1768	Unicorn-6748.exe
1520	Unicorn-32429.exe
688	Unicorn-261.exe
948	Unicorn-526.exe
2936	Unicorn-20947.exe
1560	Unicorn-61879.exe

Loads dropped DLL 64 IoCs

pid	Process
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2444	Unicorn-52197.exe
2444	Unicorn-52197.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2876	Unicorn-23692.exe
2876	Unicorn-23692.exe
2444	Unicorn-52197.exe
2444	Unicorn-52197.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2932	Unicorn-41180.exe
1908	Unicorn-49903.exe
2932	Unicorn-41180.exe
1908	Unicorn-49903.exe
2444	Unicorn-52197.exe
2876	Unicorn-23692.exe
2444	Unicorn-52197.exe
2876	Unicorn-23692.exe
2460	Unicorn-26196.exe
2460	Unicorn-26196.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2464	Unicorn-4314.exe
2464	Unicorn-4314.exe
2124	Unicorn-35041.exe
2932	Unicorn-41180.exe
2124	Unicorn-35041.exe
2932	Unicorn-41180.exe
1908	Unicorn-49903.exe
1908	Unicorn-49903.exe
848	Unicorn-785.exe
848	Unicorn-785.exe
2848	Unicorn-14520.exe
2848	Unicorn-14520.exe
2876	Unicorn-23692.exe
2444	Unicorn-52197.exe
2876	Unicorn-23692.exe
2444	Unicorn-52197.exe
2852	Unicorn-23173.exe
2852	Unicorn-23173.exe
2460	Unicorn-26196.exe
2460	Unicorn-26196.exe
1248	Unicorn-53634.exe
1248	Unicorn-53634.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2704	Unicorn-2415.exe
2704	Unicorn-2415.exe
2464	Unicorn-4314.exe
2464	Unicorn-4314.exe
832	Unicorn-18752.exe
832	Unicorn-18752.exe
2124	Unicorn-35041.exe
2124	Unicorn-35041.exe
2904	Unicorn-50146.exe
2904	Unicorn-50146.exe
2876	Unicorn-23692.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2924	2732	WerFault.exe	32
2240	3008	WerFault.exe	67
2000	1240	WerFault.exe	178

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1024.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
2444	Unicorn-52197.exe
2876	Unicorn-23692.exe
2732	Unicorn-63141.exe
2932	Unicorn-41180.exe
1908	Unicorn-49903.exe
2460	Unicorn-26196.exe
2464	Unicorn-4314.exe
2124	Unicorn-35041.exe
848	Unicorn-785.exe
2848	Unicorn-14520.exe
2852	Unicorn-23173.exe
1248	Unicorn-53634.exe
2704	Unicorn-2415.exe
1512	Unicorn-64423.exe
832	Unicorn-18752.exe
1604	Unicorn-31772.exe
376	Unicorn-15990.exe
2904	Unicorn-50146.exe
1708	Unicorn-25550.exe
540	Unicorn-21200.exe
2236	Unicorn-10967.exe
952	Unicorn-17744.exe
320	Unicorn-37610.exe
2300	Unicorn-18373.exe
2528	Unicorn-54714.exe
652	Unicorn-51953.exe
3044	Unicorn-30786.exe
2100	Unicorn-57983.exe
524	Unicorn-28648.exe
284	Unicorn-20480.exe
1848	Unicorn-20214.exe
1692	Unicorn-51761.exe
2700	Unicorn-16950.exe
2416	Unicorn-36816.exe
2736	Unicorn-22426.exe
2752	Unicorn-16295.exe
3008	Unicorn-12211.exe
2916	Unicorn-3951.exe
2968	Unicorn-29831.exe
2016	Unicorn-39316.exe
1944	Unicorn-16204.exe
2592	Unicorn-10749.exe
2064	Unicorn-48667.exe
1636	Unicorn-61574.exe
2004	Unicorn-5596.exe
1724	Unicorn-48682.exe
2424	Unicorn-65103.exe
1128	Unicorn-62342.exe
1096	Unicorn-6364.exe
2440	Unicorn-18516.exe
1304	Unicorn-49898.exe
2192	Unicorn-20654.exe
676	Unicorn-18617.exe
620	Unicorn-57511.exe
2120	Unicorn-8865.exe
1816	Unicorn-55373.exe
1660	Unicorn-697.exe
2500	Unicorn-33369.exe
1768	Unicorn-6748.exe
1520	Unicorn-32429.exe
948	Unicorn-526.exe
688	Unicorn-261.exe
2936	Unicorn-20947.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2444	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	30
PID 2800 wrote to memory of 2444	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	30
PID 2800 wrote to memory of 2444	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	30
PID 2800 wrote to memory of 2444	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	30
PID 2444 wrote to memory of 2876	2444	Unicorn-52197.exe	31
PID 2444 wrote to memory of 2876	2444	Unicorn-52197.exe	31
PID 2444 wrote to memory of 2876	2444	Unicorn-52197.exe	31
PID 2444 wrote to memory of 2876	2444	Unicorn-52197.exe	31
PID 2800 wrote to memory of 2732	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	32
PID 2800 wrote to memory of 2732	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	32
PID 2800 wrote to memory of 2732	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	32
PID 2800 wrote to memory of 2732	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	32
PID 2732 wrote to memory of 2924	2732	Unicorn-63141.exe	33
PID 2732 wrote to memory of 2924	2732	Unicorn-63141.exe	33
PID 2732 wrote to memory of 2924	2732	Unicorn-63141.exe	33
PID 2732 wrote to memory of 2924	2732	Unicorn-63141.exe	33
PID 2876 wrote to memory of 2932	2876	Unicorn-23692.exe	34
PID 2876 wrote to memory of 2932	2876	Unicorn-23692.exe	34
PID 2876 wrote to memory of 2932	2876	Unicorn-23692.exe	34
PID 2876 wrote to memory of 2932	2876	Unicorn-23692.exe	34
PID 2444 wrote to memory of 1908	2444	Unicorn-52197.exe	35
PID 2444 wrote to memory of 1908	2444	Unicorn-52197.exe	35
PID 2444 wrote to memory of 1908	2444	Unicorn-52197.exe	35
PID 2444 wrote to memory of 1908	2444	Unicorn-52197.exe	35
PID 2800 wrote to memory of 2460	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	36
PID 2800 wrote to memory of 2460	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	36
PID 2800 wrote to memory of 2460	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	36
PID 2800 wrote to memory of 2460	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	36
PID 2932 wrote to memory of 2464	2932	Unicorn-41180.exe	37
PID 2932 wrote to memory of 2464	2932	Unicorn-41180.exe	37
PID 2932 wrote to memory of 2464	2932	Unicorn-41180.exe	37
PID 2932 wrote to memory of 2464	2932	Unicorn-41180.exe	37
PID 1908 wrote to memory of 2124	1908	Unicorn-49903.exe	38
PID 1908 wrote to memory of 2124	1908	Unicorn-49903.exe	38
PID 1908 wrote to memory of 2124	1908	Unicorn-49903.exe	38
PID 1908 wrote to memory of 2124	1908	Unicorn-49903.exe	38
PID 2444 wrote to memory of 2848	2444	Unicorn-52197.exe	39
PID 2444 wrote to memory of 2848	2444	Unicorn-52197.exe	39
PID 2444 wrote to memory of 2848	2444	Unicorn-52197.exe	39
PID 2444 wrote to memory of 2848	2444	Unicorn-52197.exe	39
PID 2876 wrote to memory of 848	2876	Unicorn-23692.exe	40
PID 2876 wrote to memory of 848	2876	Unicorn-23692.exe	40
PID 2876 wrote to memory of 848	2876	Unicorn-23692.exe	40
PID 2876 wrote to memory of 848	2876	Unicorn-23692.exe	40
PID 2460 wrote to memory of 2852	2460	Unicorn-26196.exe	41
PID 2460 wrote to memory of 2852	2460	Unicorn-26196.exe	41
PID 2460 wrote to memory of 2852	2460	Unicorn-26196.exe	41
PID 2460 wrote to memory of 2852	2460	Unicorn-26196.exe	41
PID 2800 wrote to memory of 1248	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	42
PID 2800 wrote to memory of 1248	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	42
PID 2800 wrote to memory of 1248	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	42
PID 2800 wrote to memory of 1248	2800	06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe	42
PID 2464 wrote to memory of 2704	2464	Unicorn-4314.exe	43
PID 2464 wrote to memory of 2704	2464	Unicorn-4314.exe	43
PID 2464 wrote to memory of 2704	2464	Unicorn-4314.exe	43
PID 2464 wrote to memory of 2704	2464	Unicorn-4314.exe	43
PID 2124 wrote to memory of 832	2124	Unicorn-35041.exe	44
PID 2124 wrote to memory of 832	2124	Unicorn-35041.exe	44
PID 2124 wrote to memory of 832	2124	Unicorn-35041.exe	44
PID 2124 wrote to memory of 832	2124	Unicorn-35041.exe	44
PID 2932 wrote to memory of 1512	2932	Unicorn-41180.exe	45
PID 2932 wrote to memory of 1512	2932	Unicorn-41180.exe	45
PID 2932 wrote to memory of 1512	2932	Unicorn-41180.exe	45
PID 2932 wrote to memory of 1512	2932	Unicorn-41180.exe	45

C:\Users\Admin\AppData\Local\Temp\06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe
"C:\Users\Admin\AppData\Local\Temp\06f9468c8e2cf7fb9c4cb589fb8c533e374ee726bf0aa74c503dbe83e2f5190aN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        10⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        10⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        10⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26867.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26775.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51955.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        9⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        9⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        9⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13716.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27390.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        9⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        7⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        7⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        7⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        6⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        7⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        7⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43882.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4225.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        7⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61699.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        7⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        6⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        7⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        6⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47172.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        6⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        6⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        5⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4695.exe
        5⤵
        
        PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51986.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        5⤵
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        6⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        5⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44213.exe
        5⤵
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
      4⤵
      PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23442.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
      4⤵
      PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19277.exe
      4⤵
      PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        7⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        7⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24377.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27907.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        7⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        6⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        8⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        7⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9762.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        6⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        5⤵
        
        PID:1240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 148
        6⤵
        Program crash
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        5⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        7⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        5⤵
        Program crash
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58632.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
      4⤵
      PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
      4⤵
      PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        6⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        5⤵
        
        PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        5⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28533.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
      4⤵
      PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
      4⤵
      PID:8068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        6⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        6⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        5⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42517.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        6⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      4⤵
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        5⤵
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
      4⤵
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
      4⤵
      PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        5⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        5⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        5⤵
        
        PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
      4⤵
      PID:7756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2344.exe
    3⤵
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
    3⤵
    PID:7128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        5⤵
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        6⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        5⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        5⤵
        
        PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
      4⤵
      Executes dropped EXE
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18804.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16204.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        5⤵
        
        PID:7072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        5⤵
        
        PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      4⤵
      PID:7476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        5⤵
        
        PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      4⤵
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36404.exe
      4⤵
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
      4⤵
      PID:7988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
    3⤵
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
    3⤵
    PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
    3⤵
    PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
    3⤵
    PID:6940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57820.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
      4⤵
      PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      4⤵
      PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
      4⤵
      PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      4⤵
      PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      4⤵
      PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      4⤵
      PID:7560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      4⤵
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
    3⤵
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
    3⤵
    PID:5224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        5⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      4⤵
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
      4⤵
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      4⤵
      PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
      4⤵
      PID:7852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
    3⤵
    PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    3⤵
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    3⤵
    PID:5908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
    3⤵
    PID:6732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
    3⤵
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        5⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
      4⤵
      PID:7608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
    3⤵
    PID:3584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
    3⤵
    PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
    3⤵
    PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
    3⤵
    PID:7316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
  2⤵
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      4⤵
      PID:6792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
    3⤵
    PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
    3⤵
    PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
    3⤵
    PID:6692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
  2⤵
  PID:3488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27855.exe
  2⤵
  PID:3336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
  2⤵
  PID:5708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
  2⤵
  PID:6308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38878.exe
  2⤵
  PID:7444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe

Filesize
468KB

MD5
d0ddd8c9c77378a858de4c8bf25fc462

SHA1
89a79b6b0cc19689bb16ca3b10304ea4b027a5ea

SHA256
87473cf073baa68fc642c24711b12a1f63796ec048c6c41bcbf2084ee643e073

SHA512
b19d2acd245e2ef5a64e27bbdc5012e4072bd1b76f01331c14b1a8585a0b68146879d2eab39bed4b698fd0446dfef2be8e62eeb7698ce4259a87da8a13cb6beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe

Filesize
468KB

MD5
d7e18e12c327ea0658653edbe9af7dcc

SHA1
727d726bd10d44b3b1dc9684dffc2545c0889199

SHA256
ae8f1d47aa2e0e8cc93a172e4b509607ebd9e7a73e9486992b5de59d11e10c60

SHA512
dcff14612548eb03a7920e4e373e8301ec58655723388cfe5eb7c99b4aaba5b0c2908e85e179f641af0a04c1a20470d4b532748bab23244b0947836b9dce594b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe

Filesize
468KB

MD5
184ecb8ed5610678198b6bf0335e1fad

SHA1
d5dd834848216384862172ebe288777664fb857a

SHA256
7d485d6fd5890ad7a84d9e4652fb7a63a1aab5a274ae6ddcbbe45c4680f22b81

SHA512
0b6842e1235faf8b012d4dd469a4fac83a79d397cd42e9b2f14a06502384e74fd649aebecb294724faedb000ade275dac8f7ff93e595d70d9c8ed9f461c9891d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe

Filesize
468KB

MD5
b224793dffc590677099d7759a12f4b3

SHA1
acd62c413a6c09bab1a8d4e84652e166f27d2953

SHA256
504d91226359167a142b60dc938830e831d581b9524837dd83b14cc5bf844ff7

SHA512
3778db3e05a94a18984fe271cffba3794d61c3065692d7ec55fa711cccccca06c6936add937ba4b3f5d5ddb3256069eb0e43eac43765ae38cc563239996ee1fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe

Filesize
468KB

MD5
6d96051c8f5348eb4cdfb2bce1bc5dbb

SHA1
9d4ff17a78268c96580b59ce78fa2ed0505739f3

SHA256
47a0f9562472d4de4bc6abe7ffce99039c0a6c333c5112a747d9c5f73eab85a5

SHA512
5672ff9f1a1b7cb91a47196328016d35911a3804b55a867571d8118a86ed42dce4b64665d9437578ab8f28100743d1f45ca590589e6cb4b87941f9c2d675e52c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe

Filesize
468KB

MD5
28a44c1bc49d2b7618c50f5ff7f6433b

SHA1
9e5697a9b1a34a9eff526c82a475f1f252073474

SHA256
7caae21d3a571e139a26d0979759a2f9f92144b420436a48d7bc69496ff33a3f

SHA512
87cdf26a153b157cfb43c43c147ba1a380f2df3759e2565f170abb7c717b7f7f11e55b3aba796103f8f56198d76b883b18687f2353f0c1c7a81034d693276134

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe

Filesize
468KB

MD5
eac26a4bab9e5878c377d1afec175f0b

SHA1
99ee4d2a6498db7b5914d621c3a0099930302fce

SHA256
287b441481c7f73041db5b416d298ce9d7970f0fc5c1a0604730191cd6f629c9

SHA512
2867517ce9bd9ac40e43de341b42ea430936f034a50965839696f7aa694ce67c69c875e424e1fb78c9b214e4c5f9f0b91ccf59ecc9b0d0ee4c637c868ff1b036

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe

Filesize
468KB

MD5
f4d3bd150198b260271de6278916014d

SHA1
c04d5b7e8c90cbf3ea0cec1274ed8de96e0decaa

SHA256
4ce8bcff0f008649e3637c1af9bfa0afdb85ed8a4d4d90d94537785892aed231

SHA512
8c24dfadc594e1237ccf28a81049747534e6fbf83de033f9c4509d2d77368c01945ba894e70a03da5fd74a8b948521f99564d6caa019b38f71da1588460a47a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe

Filesize
468KB

MD5
56b38db9e1eac764947ac0464d9a87c4

SHA1
fbbbd6ce13690122e3900150f855d6358bad038d

SHA256
b25bcfc625d619980f5b432ab528e1037ede5513702e5dc54c5fd97548d3c8a7

SHA512
4167413fec080dd719a22a97a8a7e3d09d5b6e36b52910ca4ce65ded0f42f58f48da1a790ce21563e0d75b8ee9482a9b9c87e2af6711f6d8eb57617ee17606a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe

Filesize
468KB

MD5
d4a02069afcf349fd16778e30bbf7a4f

SHA1
a2ecf0ebad30303208d4b1a0b28f97dc5d00a841

SHA256
e5a1e7c8f120935ccdb08b4a05b1f3bb5c6237f01ccbec6d3a7ce3ca8ff8b06d

SHA512
7f1e0dbd602f643702965e921b0335bc58152599b3795e8fc593ef3a71eb41871444baf536e1a28ed8bcf62caa13e93f32f196c65bd285efaf1a4a79249f0033

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe

Filesize
468KB

MD5
c2f3bb2abc303c435c4177dc7611680c

SHA1
794cbbf8dc72207869d26ea87c15bbdaed578dd1

SHA256
2a61058d8eb900551727d7a8ef6a4c8a803be35ece652dcff196cef665cc83da

SHA512
04b7a44d13f066b76790799c876e7799685b9c7821ccd87b3aa0782d5adf6b2ee749f06312df793d19df3ad731f2cbcdbad4a4e4770abbcb2f7afd22344acfe8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe

Filesize
468KB

MD5
7c482f5773eb3297b791360a3782b34c

SHA1
9ac4df8699e9829f138018c4c4bcaea2e404313c

SHA256
7dfc0b615bb8c1da739dbff498efaf6724baa48646b1e94b8feb089049410300

SHA512
f9d1c05f6cdad5ae42ce23634d1c2d9931769bd8b821797e2a578e35d2052182a2e2fff20d8e5e716b2cdf9b82bc0b01e6c8545917bcf7a09412e106f62984a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe

Filesize
468KB

MD5
87bb080e9591f5b1c33183db26d41c34

SHA1
62569b0fabbd238c2189f870c7ce71c315279b57

SHA256
8df20eddc36d2137e04a686d1e164cb4c3e5b7c0b96d8e0dd59f65aaacd7b3d0

SHA512
23891dbfaf8f250c509952ec1cf6deca612c6af9fc38b2904eb382e51af5e469dbec3be00220036ba0b290dc6962c64a0bd88c967ec8cbfd2e653837263dc60b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe

Filesize
468KB

MD5
ccd8e59c13775a38a0fc2bf2afe1262b

SHA1
96c609b9b618a73e653238d1825ad2e4bf3dd0c7

SHA256
5881ac6adab5a889e370a10c286a218fa0689e89827bf140e349cdcb5d832d92

SHA512
b20ae7572516471aaca165bd6e1ff25e30a7c888998d063637568fac991e16b84df140b901bcf9646c3ea6694281ecdd14d1c51dcbae74193e9d01bf0d25604b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe

Filesize
468KB

MD5
36f00f094733d70a5c70e6e1cab1fdb8

SHA1
9fed1f8d89e5f63fc9502fec59d12813628be6fd

SHA256
5373d00321d11bb373a9b3937e50848e4c970b69eb55eeb9c598373dac159150

SHA512
41f066f27237667a2f42098e865c4efed850dbb2051949ee7f6ca868ba6d4e16916de22568ab78909625ffa72be0e912592d2f642fb458c709ff1a93950cd507

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe

Filesize
468KB

MD5
11fd9a09bbc73f5fe5c1eac4c05f4e6c

SHA1
f9bc72015c9da1c6a26c59f8e23714dfddd23582

SHA256
c1778362b6fc523898852a9c700e841f7f57cca8b59ff06b3e83a9cdfba6cd3f

SHA512
61c7c3c8d9d8f0d65e7582e55a5ae0d40a5c444b3e64ff4704f80a56c965141aaaa72d23f44744f57f291d8b669571b0de3206e564e1127c0e1f33d9e1cd6945

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe

Filesize
468KB

MD5
5bdff629394c65c2f1412c2b7b7e5c51

SHA1
7a85baf52708f5a80b3e3c28dc8cd0d9ef852626

SHA256
1fb19edf1026a1aba61bed1ecfbf7eaf25f1e7dad6192324de63713dd78a8be9

SHA512
73af0ebe3ef7be89e665df733f87ebe052f94fc29626238a5acea9e6a3581c961a9c80cad088a6cd17defa74daca532765c86065a6547a4079d009f2404e484d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe

Filesize
468KB

MD5
084abb0752f44a5eec22930a677315ad

SHA1
665fc1b644ea4bae65bd87ba3d0c64ac3e4f2a2e

SHA256
fbbc3030c86e45ad24cac5f2391222b24126cbe5fba144fa31afe81bc38dcfaa

SHA512
2f92eb73454b1b1ed767e2c5144ba43f7455fbe7cd2540e8020f7e0b7f78a045fe39f9ba509af7b86ca80cc43d271693bca8082943c68df4b6ca7d7eea8b6260

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe

Filesize
468KB

MD5
b3e065d7521226abee9be3505ff4f4bb

SHA1
80288520046469ebcc24b65045534535a48ba636

SHA256
0af9cd5e4b37915676c2271d6424d4bfcf6174ccdfa075850c4d004ce5aa2a3a

SHA512
eff8918b269c167747a5925de5ec739e0ea41fed1042b312bc41e2f4d0283f433c3be3cabb7f95d0f06062ed8dd74ae984850dac44a6706a3b83d781d0cae5c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-785.exe

Filesize
468KB

MD5
de864a6cd8b08a06c43065e5b6ee9695

SHA1
e75491498071bc254001ab1f198dad68a9e2eaa6

SHA256
fa78e75ca413fb72f803ccd77ca2b1e31bf5665e791ad70b549a28a686c75af3

SHA512
f9c8dce79794655d9a05753f0d061e6fc639c91d8d435cfe977d19f25a3ea249174d85d661818dfd653920aa7f6b3e8c94be44d6fc4a2a3734c8088552b14265

Download Submit