76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
Size

468KB
MD5

61c52e5ecd5204d9b23c5d21e79ac7e0
SHA1

8bc2c6c9ad67ae07fb5a3d05722bc5fd1758cc71
SHA256

76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65
SHA512

269d6328f23931487f93714d0a234ef60352a6b53237404a4e152d81853ba59064b7f713a491ec7d5fc740da0f8dc35ab3372ba5f83b6fb920bb41141805f523
SSDEEP

3072:/mkmovIwU35/jbYUPgSEOf8yG5W5R7OCj8HRxScmPTVSAGqu72lA:/m9oIJ/j3PfEOfl61cPTsrqu7

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-58519.exe
2872	Unicorn-31876.exe
2892	Unicorn-59910.exe
2172	Unicorn-43548.exe
2692	Unicorn-39272.exe
2664	Unicorn-41502.exe
1612	Unicorn-3070.exe
2524	Unicorn-57995.exe
2468	Unicorn-16697.exe
2268	Unicorn-50382.exe
2000	Unicorn-54466.exe
1268	Unicorn-12878.exe
2952	Unicorn-43313.exe
1696	Unicorn-57611.exe
2320	Unicorn-16963.exe
1364	Unicorn-34306.exe
3000	Unicorn-6272.exe
1708	Unicorn-16138.exe
2148	Unicorn-49765.exe
2188	Unicorn-25069.exe
2232	Unicorn-49765.exe
236	Unicorn-63086.exe
580	Unicorn-56956.exe
864	Unicorn-25069.exe
2512	Unicorn-43635.exe
524	Unicorn-49500.exe
2372	Unicorn-43303.exe
684	Unicorn-1716.exe
1676	Unicorn-14715.exe
2216	Unicorn-17669.exe
956	Unicorn-47004.exe
3064	Unicorn-60320.exe
2056	Unicorn-32286.exe
3020	Unicorn-35624.exe
1728	Unicorn-13157.exe
1564	Unicorn-47876.exe
1960	Unicorn-31538.exe
2740	Unicorn-15972.exe
2884	Unicorn-53112.exe
2852	Unicorn-382.exe
2640	Unicorn-32670.exe
2772	Unicorn-6350.exe
2832	Unicorn-35685.exe
2812	Unicorn-31239.exe
2660	Unicorn-31239.exe
2968	Unicorn-52728.exe
2680	Unicorn-27155.exe
2280	Unicorn-63911.exe
1080	Unicorn-55478.exe
2276	Unicorn-59562.exe
2736	Unicorn-55743.exe
2624	Unicorn-46813.exe
436	Unicorn-52679.exe
1532	Unicorn-40981.exe
1980	Unicorn-40981.exe
1084	Unicorn-36897.exe
1604	Unicorn-58801.exe
1636	Unicorn-52679.exe
2908	Unicorn-57318.exe
1744	Unicorn-32067.exe
2004	Unicorn-34104.exe
1644	Unicorn-23899.exe
2316	Unicorn-1624.exe
656	Unicorn-12414.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2416	Unicorn-58519.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2416	Unicorn-58519.exe
2872	Unicorn-31876.exe
2872	Unicorn-31876.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2892	Unicorn-59910.exe
2892	Unicorn-59910.exe
2416	Unicorn-58519.exe
2416	Unicorn-58519.exe
2172	Unicorn-43548.exe
2172	Unicorn-43548.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2872	Unicorn-31876.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2692	Unicorn-39272.exe
2872	Unicorn-31876.exe
2692	Unicorn-39272.exe
2892	Unicorn-59910.exe
2892	Unicorn-59910.exe
1612	Unicorn-3070.exe
1612	Unicorn-3070.exe
2416	Unicorn-58519.exe
2416	Unicorn-58519.exe
2664	Unicorn-41502.exe
2664	Unicorn-41502.exe
2524	Unicorn-57995.exe
2524	Unicorn-57995.exe
2172	Unicorn-43548.exe
2172	Unicorn-43548.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2952	Unicorn-43313.exe
2892	Unicorn-59910.exe
2468	Unicorn-16697.exe
1696	Unicorn-57611.exe
2268	Unicorn-50382.exe
2872	Unicorn-31876.exe
2000	Unicorn-54466.exe
2268	Unicorn-50382.exe
2872	Unicorn-31876.exe
2000	Unicorn-54466.exe
2952	Unicorn-43313.exe
2892	Unicorn-59910.exe
2468	Unicorn-16697.exe
1696	Unicorn-57611.exe
2416	Unicorn-58519.exe
2416	Unicorn-58519.exe
2320	Unicorn-16963.exe
2320	Unicorn-16963.exe
1612	Unicorn-3070.exe
1612	Unicorn-3070.exe
2664	Unicorn-41502.exe
2664	Unicorn-41502.exe
1268	Unicorn-12878.exe
1268	Unicorn-12878.exe
2692	Unicorn-39272.exe
2692	Unicorn-39272.exe
1364	Unicorn-34306.exe
2524	Unicorn-57995.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6152	5508	WerFault.exe	544

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40981.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
2416	Unicorn-58519.exe
2872	Unicorn-31876.exe
2892	Unicorn-59910.exe
2172	Unicorn-43548.exe
2692	Unicorn-39272.exe
2664	Unicorn-41502.exe
1612	Unicorn-3070.exe
2524	Unicorn-57995.exe
2468	Unicorn-16697.exe
2268	Unicorn-50382.exe
2000	Unicorn-54466.exe
2952	Unicorn-43313.exe
1696	Unicorn-57611.exe
2320	Unicorn-16963.exe
1268	Unicorn-12878.exe
1364	Unicorn-34306.exe
3000	Unicorn-6272.exe
2188	Unicorn-25069.exe
2148	Unicorn-49765.exe
1708	Unicorn-16138.exe
2232	Unicorn-49765.exe
864	Unicorn-25069.exe
524	Unicorn-49500.exe
236	Unicorn-63086.exe
580	Unicorn-56956.exe
2512	Unicorn-43635.exe
684	Unicorn-1716.exe
2372	Unicorn-43303.exe
1676	Unicorn-14715.exe
2216	Unicorn-17669.exe
956	Unicorn-47004.exe
3064	Unicorn-60320.exe
2056	Unicorn-32286.exe
3020	Unicorn-35624.exe
1728	Unicorn-13157.exe
1564	Unicorn-47876.exe
1960	Unicorn-31538.exe
2740	Unicorn-15972.exe
2884	Unicorn-53112.exe
2852	Unicorn-382.exe
2640	Unicorn-32670.exe
2772	Unicorn-6350.exe
2832	Unicorn-35685.exe
2812	Unicorn-31239.exe
2280	Unicorn-63911.exe
2660	Unicorn-31239.exe
2680	Unicorn-27155.exe
2736	Unicorn-55743.exe
1080	Unicorn-55478.exe
2276	Unicorn-59562.exe
2968	Unicorn-52728.exe
1604	Unicorn-58801.exe
1980	Unicorn-40981.exe
1084	Unicorn-36897.exe
1532	Unicorn-40981.exe
1636	Unicorn-52679.exe
2624	Unicorn-46813.exe
1744	Unicorn-32067.exe
2908	Unicorn-57318.exe
2316	Unicorn-1624.exe
2004	Unicorn-34104.exe
1644	Unicorn-23899.exe
656	Unicorn-12414.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2416	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	29
PID 2248 wrote to memory of 2416	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	29
PID 2248 wrote to memory of 2416	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	29
PID 2248 wrote to memory of 2416	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	29
PID 2248 wrote to memory of 2872	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	30
PID 2248 wrote to memory of 2872	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	30
PID 2248 wrote to memory of 2872	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	30
PID 2248 wrote to memory of 2872	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	30
PID 2416 wrote to memory of 2892	2416	Unicorn-58519.exe	31
PID 2416 wrote to memory of 2892	2416	Unicorn-58519.exe	31
PID 2416 wrote to memory of 2892	2416	Unicorn-58519.exe	31
PID 2416 wrote to memory of 2892	2416	Unicorn-58519.exe	31
PID 2872 wrote to memory of 2172	2872	Unicorn-31876.exe	32
PID 2872 wrote to memory of 2172	2872	Unicorn-31876.exe	32
PID 2872 wrote to memory of 2172	2872	Unicorn-31876.exe	32
PID 2872 wrote to memory of 2172	2872	Unicorn-31876.exe	32
PID 2248 wrote to memory of 2664	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	33
PID 2248 wrote to memory of 2664	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	33
PID 2248 wrote to memory of 2664	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	33
PID 2248 wrote to memory of 2664	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	33
PID 2892 wrote to memory of 2692	2892	Unicorn-59910.exe	34
PID 2892 wrote to memory of 2692	2892	Unicorn-59910.exe	34
PID 2892 wrote to memory of 2692	2892	Unicorn-59910.exe	34
PID 2892 wrote to memory of 2692	2892	Unicorn-59910.exe	34
PID 2416 wrote to memory of 1612	2416	Unicorn-58519.exe	35
PID 2416 wrote to memory of 1612	2416	Unicorn-58519.exe	35
PID 2416 wrote to memory of 1612	2416	Unicorn-58519.exe	35
PID 2416 wrote to memory of 1612	2416	Unicorn-58519.exe	35
PID 2172 wrote to memory of 2524	2172	Unicorn-43548.exe	36
PID 2172 wrote to memory of 2524	2172	Unicorn-43548.exe	36
PID 2172 wrote to memory of 2524	2172	Unicorn-43548.exe	36
PID 2172 wrote to memory of 2524	2172	Unicorn-43548.exe	36
PID 2248 wrote to memory of 2468	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	37
PID 2248 wrote to memory of 2468	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	37
PID 2248 wrote to memory of 2468	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	37
PID 2248 wrote to memory of 2468	2248	76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe	37
PID 2872 wrote to memory of 2268	2872	Unicorn-31876.exe	38
PID 2872 wrote to memory of 2268	2872	Unicorn-31876.exe	38
PID 2872 wrote to memory of 2268	2872	Unicorn-31876.exe	38
PID 2872 wrote to memory of 2268	2872	Unicorn-31876.exe	38
PID 2692 wrote to memory of 1268	2692	Unicorn-39272.exe	39
PID 2692 wrote to memory of 1268	2692	Unicorn-39272.exe	39
PID 2692 wrote to memory of 1268	2692	Unicorn-39272.exe	39
PID 2692 wrote to memory of 1268	2692	Unicorn-39272.exe	39
PID 2892 wrote to memory of 2000	2892	Unicorn-59910.exe	40
PID 2892 wrote to memory of 2000	2892	Unicorn-59910.exe	40
PID 2892 wrote to memory of 2000	2892	Unicorn-59910.exe	40
PID 2892 wrote to memory of 2000	2892	Unicorn-59910.exe	40
PID 1612 wrote to memory of 1696	1612	Unicorn-3070.exe	41
PID 1612 wrote to memory of 1696	1612	Unicorn-3070.exe	41
PID 1612 wrote to memory of 1696	1612	Unicorn-3070.exe	41
PID 1612 wrote to memory of 1696	1612	Unicorn-3070.exe	41
PID 2416 wrote to memory of 2952	2416	Unicorn-58519.exe	42
PID 2416 wrote to memory of 2952	2416	Unicorn-58519.exe	42
PID 2416 wrote to memory of 2952	2416	Unicorn-58519.exe	42
PID 2416 wrote to memory of 2952	2416	Unicorn-58519.exe	42
PID 2664 wrote to memory of 2320	2664	Unicorn-41502.exe	43
PID 2664 wrote to memory of 2320	2664	Unicorn-41502.exe	43
PID 2664 wrote to memory of 2320	2664	Unicorn-41502.exe	43
PID 2664 wrote to memory of 2320	2664	Unicorn-41502.exe	43
PID 2524 wrote to memory of 1364	2524	Unicorn-57995.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-57995.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-57995.exe	44
PID 2524 wrote to memory of 1364	2524	Unicorn-57995.exe	44

C:\Users\Admin\AppData\Local\Temp\76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe
"C:\Users\Admin\AppData\Local\Temp\76aea752048d4d8aedc377b3ed91a31567a7aa9ce90c1c80e6963ac2ce234d65N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        7⤵
        Executes dropped EXE
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        8⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38973.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        7⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38564.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        7⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        7⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
        6⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        7⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        7⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        6⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        6⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
        6⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
        6⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        6⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
        5⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        5⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        5⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51428.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28780.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        7⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22093.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        7⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        7⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        6⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        7⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62019.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        6⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65246.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        5⤵
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        7⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        6⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17183.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55478.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63860.exe
        5⤵
        
        PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
      4⤵
      PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
      4⤵
      PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
      4⤵
      PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
      4⤵
      PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12255.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        7⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65523.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        7⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        7⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        7⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        7⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        5⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        7⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        6⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        5⤵
        
        PID:360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43592.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        6⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        6⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        5⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38680.exe
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        5⤵
        
        PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20793.exe
        5⤵
        
        PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35897.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
      4⤵
      PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
      4⤵
      PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        6⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28004.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52632.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      4⤵
      PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
      4⤵
      PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        5⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28714.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        6⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20954.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        6⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        5⤵
        
        PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        5⤵
        
        PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46407.exe
      4⤵
      PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
      4⤵
      PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
      4⤵
      PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
      4⤵
      PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
      4⤵
      PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
    3⤵
    PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
    3⤵
    PID:2396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        9⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        9⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
        9⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31139.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        8⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        7⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        7⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        7⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        6⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9967.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        6⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        7⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        7⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        5⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50266.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22421.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        5⤵
        
        PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
      4⤵
      PID:7952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
        7⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49539.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        5⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
        6⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        5⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        5⤵
        
        PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
      4⤵
      PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      4⤵
      PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
      4⤵
      PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
      4⤵
      PID:7764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43635.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41500.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21602.exe
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        5⤵
        
        PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
      4⤵
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19965.exe
        5⤵
        
        PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      4⤵
      PID:8188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
      4⤵
      PID:7280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
    3⤵
    PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
    3⤵
    PID:7456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50390.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        6⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        5⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        6⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        6⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
      4⤵
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
      4⤵
      PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
      4⤵
      PID:7508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19483.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        6⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        6⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        5⤵
        
        PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65502.exe
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
      4⤵
      PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      4⤵
      PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
      4⤵
      PID:5508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 188
        5⤵
        Program crash
        
        PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
      4⤵
      PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
      4⤵
      PID:7816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
    3⤵
    PID:964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
    3⤵
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14352.exe
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
    3⤵
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
    3⤵
    PID:7520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        6⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        7⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        6⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        5⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
      4⤵
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1755.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
      4⤵
      PID:7780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
      4⤵
      PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
      4⤵
      PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    3⤵
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
    3⤵
    PID:4196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    3⤵
    PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
    3⤵
    PID:6680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
    3⤵
    PID:8204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      4⤵
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        6⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54858.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        5⤵
        
        PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
      4⤵
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        5⤵
        
        PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
      4⤵
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
      4⤵
      PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        5⤵
        
        PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
      4⤵
      PID:8736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
    3⤵
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3229.exe
      4⤵
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
    3⤵
    PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
    3⤵
    PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
    3⤵
    PID:8616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        5⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        5⤵
        
        PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
      4⤵
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
      4⤵
      PID:8688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
      4⤵
      PID:8380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
    3⤵
    PID:6084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
    3⤵
    PID:6508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
    3⤵
    PID:7220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17034.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
    3⤵
    PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
    3⤵
    PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
    3⤵
    PID:7380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
    3⤵
    PID:9024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
  2⤵
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
  2⤵
  PID:4532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
  2⤵
  PID:5216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
  2⤵
  PID:7104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
  2⤵
  PID:7724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe

Filesize
468KB

MD5
8b32f58210ae087bd26cb9300d4b937d

SHA1
fcff5c47373b2bcab23cb118a411ce7ffbc2b286

SHA256
2a547c06c238752d1c38a65d72461bbcfe5a301689ada008136f66a79c66d9cf

SHA512
f716c5cb8a7a6c51cee83a048e833a661509e63cb4294f3ee2ac58d00e025628b403d8affd25eaff9a7091f25de990ff20416d6041fbe44a3a75b4ef4e0a3b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe

Filesize
468KB

MD5
c7b053cbcbeb2cd4157d2b98dc4e06e2

SHA1
1410d812bee658cdb58c9d92bb76d0a2336491d9

SHA256
c021dd9f4e872dfa1ae5f9ed514e81beaf1b60206cd188053d552efc7607b883

SHA512
ad5c1de42df9140fff244a24486922969aac5e08fb2af48586b7615f8dfe3a9fb1ad623b55784961599e594bab7bf0a815a9fb188a3ec1574aa98c8f3437920d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe

Filesize
468KB

MD5
9b3b6937f81dac695dc12f5ce59a9ffe

SHA1
b54a8f1ab5594f69d00e13c35407c0e49fdcf6da

SHA256
3023a4ecda8f7120a534433a9b5448e4c5b43e7aed51e19411b62a9c1c261244

SHA512
54ef606d8e4497e3f716f9e7a3f2226240b419854c45bf25759fe57db5c7f2208b8cc514c916921877f55e71ddc6b355cfbc0fcffea4182b3987565396b107f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe

Filesize
468KB

MD5
05ba18ab65d3643177188fefeec73061

SHA1
e5fa732bbf2fa08e62855d8e1f848c609e785db1

SHA256
eb8badf39c901472363358ba44dd07da02a7926076cb56b0ea771ca1e2563534

SHA512
b8500dfa9ff16c00d25aca67e3ebb40cd55fcdd592cc3dab1ed6f10a0f7d332f8c9950f3457df7e85d191c3c532182c2c8f13deed7b69c710836d6ea9c30e9c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe

Filesize
468KB

MD5
789e57592038c97e0054a73a41e101ee

SHA1
7ad5a86ed5c6533b5feaaa2f4e303b176614057f

SHA256
da3aff3cd242d9a3b0ae233a2993432dfff66a887b13ee5dbe07ec9da6e53e83

SHA512
4ddf72ae1bfd5d38dd638e56431e1fefd7b88d8202dafd9c3e8b22e47c86676418d4cd688b0df3b43a4c0cb1bc065e22e69e5621e17ea608e97bb6c4b93ed841

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe

Filesize
468KB

MD5
34802705f71e914da1b22e55c4bb790b

SHA1
6af76f9fceed6b1bd6000869a91fa23a89445f71

SHA256
61f28dd2a1d5f78429193a5e1b5e29e093c37575d86a10bb58efe9574436e70e

SHA512
67895595a32b822947feab4437dedc7cdaadba712e57f54138f0ef539cd288288cfd3caa9f4d9fbd1561149710f732e9b7fdf625d80d313cc3d7d5e25861fa83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe

Filesize
468KB

MD5
3f16c743bac981e9471688381c5e4bac

SHA1
6457086945b97e5a904a3bbe6193242201beb3ef

SHA256
e2aaeb14e2d0424d92abbc7ccec47776c3575f275ff0a11843eed842c363b7ff

SHA512
f634fbf6ed636a2a3c37999200e092595c37c04a039270a0dfec63b76c8b96aa8ceabf707cf62060e5473f84cac9674ea81fdff261188080e6d53647bc68f635

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe

Filesize
468KB

MD5
87c9a0b8f460acb964f1b578682e1ffc

SHA1
5ff9a5139806ba5b8896aab17a8c6992ad12cda8

SHA256
eeeb4f38f3c88f4490ec86285ed8a11e130cac0b9bf6474d05d9c169ab87f9af

SHA512
2da285d748e5aa4a908f8e23a4a5ff913222a0a0be2c63686433bc10df32e5447bce0e2cc478dd105f1fb9317bbe80faf8d734fe4804ac44dc529a581ed80536

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe

Filesize
468KB

MD5
6ecc87a09486424dfeb02e50eeb87ba9

SHA1
50e65bf1df5a7015ea40d32e8dc7ae23acbf5f6a

SHA256
1e98c4e8de188f32908476ae7954c688395a02ca026395ba0ca2e1a345dac000

SHA512
f2b63534249e2d5c97d2235af4ddff9fec28ccca6c7f0baf785c2a5640e13bbb857964c85a2493416f66c3fcc662a75744f7ca3e3a6a60f1230e38fe104a21eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe

Filesize
468KB

MD5
93b05b705ba97a6d10a43b67e3442c74

SHA1
e0073c522ec5e913ebaadd2150a77cb0945ef018

SHA256
0f08ef7e0ffa52ac8b0a32fbf70f8bcc2aa457e36b20a1b717330fc31af0a61c

SHA512
d80a54541f71952aa3b81eab97737c87c56cc47a62a830ec7d5eca943d88dd2f14803cca37c4610102edce224cb1437d305ffec71fde571f9c300a333ca65558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe

Filesize
468KB

MD5
a1b489212055f1ecc4f4499b1894fe76

SHA1
b67b55357df371cd4b71cd7dda1acfa14849d135

SHA256
48fc29b1626295aaae0fbee9694370e3307ac04bb8f855c1fdbb08a8bf9b6caa

SHA512
0695eb4fd97cdde5e87b1a4b5bac72b2e1699fda0e5ab6a0181dc9000df45a05c0f2e187262e6778d9db6a9a50855a3637417d54278ae98e5a186952a52380fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe

Filesize
468KB

MD5
bd667acbfca35195fadbc1cf541ebdee

SHA1
bfe29e0e389d1813bc12060de67f84bd571316f1

SHA256
f8fa598c3f4525f06e1f9282469823e1107f9a56ed9af95bf835b388ae1b172e

SHA512
71fc67d096441ffa609557d31b0657a2998bc3e33654ec2932b23f10d33acfe3849174af5c525c6d087c374282ade7c965526a8aeb878835e53784e58528d18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe

Filesize
468KB

MD5
68adb7e0326134c9788c8f2f6f725be8

SHA1
590d6ab46d5a329c4c8c8d7ae0e4dfd7b4502037

SHA256
91e29d1e89ff5e9d6cf91efff637baf8fd0566252cb64ed3da20dd9ad4042523

SHA512
9a654d19feb7863c64890630543c0d05f9e4dc5142fd05fe910c6a9f54202313e5536900e91cdaed86206b5fc21b42135e8f0941d33a67160e0189c89b264523

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe

Filesize
468KB

MD5
b4bed1f9706b992cbc42a7a03dc54c75

SHA1
b0299c5c1ba4257c4945371857aa6d8b14fad4b5

SHA256
d676e2ef9cf3560c373deda34c6f4887a1061c558e16739d5275ea1d7cefebd0

SHA512
c919c257bb8ef9f79f8ddf667464e3b96f14e9f9b1209a421191b682a65181f5d39e7b1ad2656b57637a6127d45407bfa4da3f8fc572442f4bb0bdb025d85612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe

Filesize
468KB

MD5
95cbaa84b683753808f8a46874f15d06

SHA1
b41a6fca34de28bf1224253501b284588d6513ec

SHA256
6fb51768a2aa6057853194be638fadbde7defe4f60052ad229805c25a9cdf6d4

SHA512
4f9a36833bea67ec242163c50a0eb8544b8f0585d1bd366ce4cd185312f9cbdf6f57605bc0f74061136847fccf5644b281b9d92e0bd1666bf0345f747dbb32c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe

Filesize
468KB

MD5
4a40b674e97c8f4e950647c03443a6c0

SHA1
8ea247e190928f2997a2d4265b653e83bd8aec63

SHA256
82e1e9a9ea501d275d4135a968fda59767657a5f6531ca7ecc73b202822f769d

SHA512
a6da81524973fefcf1eab5dc4b6b1f4637887baca7f7ba1d599f5d039bd0052bf605dc7a71fd70e1953424f0852e23cc6269197b34a98538fdf34792a02f88ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe

Filesize
468KB

MD5
366884c092689aa6f4b1c1c3957b033d

SHA1
8f9ea9be22a3f6a4f91ef2f4c36d2a36867162e1

SHA256
236b67a04e3d9d6fcec6da060cb9669c79578c8bcdb4709f1cf18a1aaa9d842a

SHA512
3ec87dcda1fa9e6de0678be71ba2feaa0dfedfa22a6a7d4ec7858576bd6b39eeca43973b83f8f21779810bf669f9c8fb74e4c49627e83345a0c4b729df623db9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe

Filesize
468KB

MD5
656f35785512d714e540075f0f644c50

SHA1
ffb1234c075c13d61d5eeaadb587922e1c193280

SHA256
deee0a63097dc8c58c58741ff17a460ec972aa37d9ddb540ca23b8a210abeda8

SHA512
eaec01322e1635fb162da073c0afd8811a2cd7665c33e709214024146be9a3ad226267ff2520abfd8db2a66cb55d97f2122ffaa9cec4b15b8863d5c74a35368e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe

Filesize
468KB

MD5
c3e616b215a10b46ee79ab56af94fef9

SHA1
91d589f6361bf80bc832cd461b529d2215fd8ce4

SHA256
321d0525d6b4c6480538a10e8b873043d4ae776d314a19388c6a223e0a0e71e6

SHA512
22321c4b18b3c70561ceadd30b9fd736f55e0112e611d5c09637765c771f10ce8d696801f3de719cd78326e6ce42504701a6bbd376744b498a863665bb6202b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe

Filesize
468KB

MD5
4e89ae0c0088565d75efbf8deb61a914

SHA1
c4d0464eee5ade1962c54f76c5e52b506f9a0b17

SHA256
9042b18c9c6cd62bf41536d864aaab13d04dd9b55b1025d9863b5708a4d9e9d2

SHA512
fc257f77e5f6ef6d9c8cb97f4966b0b82947de3f8feb50afa06e2972d2c3458f1c5bbb1c43d828d4c7b395cf21bc8c3a6be1abc45ba4a0a1960f7a58f2c37089

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe

Filesize
468KB

MD5
7397c7697777050f16e4a323a820d718

SHA1
7efecbfbc985c5fbda7d991451b6f27744d70e33

SHA256
0c1a980fcfbb53a7fc481f6ebbd9cff2c1542e917abdb6c2cc07b9938cf90086

SHA512
dfd99786b3df4ee7e035905eef2319b0610a847a86b7cd1fca9c25bb135e2d81de49e5311f0484596acf7172e372c7c7a01083854c683cdfb8001c364c63d363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe

Filesize
468KB

MD5
5ed42237cdbc9a5c855f23e8458e979d

SHA1
b1a6731876be98d7467d7b6779988c90eae512bb

SHA256
682cab98d0daf6f31bca29faa3de39b99286de14320dca53dac3e46ba52a5e57

SHA512
adeb5128a416446e8a75fb1b66f3a59256c7cbb31e5c0da18021d409c448d6c823141a4aebfe67e354322ca9f26203acde86eecd3aad3a38cc4c331df23fd24b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe

Filesize
468KB

MD5
4eadf22c1f9fdee3cc60843764b4b6af

SHA1
c95a06ce7aa5ce4910a862e3d2e7ec5cf7df227b

SHA256
888afb712160f8f4946621423eccf58faef41a3bec605b4f879fbbc5b9e2646b

SHA512
34ec7b63a23e0332590634ab1e250303ae7f33817590b89b8dafbccce0fd96beb26331ae59fabb624a5b01db233816ff5109eb1c1191b4b299226dab2e6f3a11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe

Filesize
468KB

MD5
5ce85b761f66a2b561e80859cb341f83

SHA1
b83599f8f1b40fd526b8c1eab16177d45c36a0c5

SHA256
d5621daf59121ace099aa37075566309a3fdda47e54362112ca3aa1954595431

SHA512
d873657b010a3f64fe91090ddd23a79a9f5bd800500ff18216d1c598d19dcd9d2d33def4e33b78d353bd55acbf88bf3557dc5daa0f2fed6278b98dd734a3f31d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe

Filesize
468KB

MD5
85c5b67389792673d2a2d16cdb53a6fb

SHA1
4901782b830305c506efa212f057ac506d70771e

SHA256
b547e728f331112eb334dbf58e66cbe42ab835c6fb79babc1670b9373c09023b

SHA512
c4c32add50767cd635ce6d9d8b6a1c6346005f91c23ea955c7ab1b6239f0c6965927f760a8b8b9d8942c07e7bf4a87e1255d0e11b88de83b5361b393b747eb71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe

Filesize
468KB

MD5
fc90a1b0d34da1d994f3640a1eed63a3

SHA1
c2bf55c83a6a1f88fa95a165d25fe75e5ecf892f

SHA256
70cff359c936c243a3799a8deb109787e7d1dc2abebf093f8e1bda21f5eb2b1c

SHA512
b459641276b6ce87bff3906d9287fad2576227546dcb3a600b2f57723ab20b0ddf99c3109a2ab7135237c7432c706caaa504fc9a8ca30cd28dac37db8deebae2

Download Submit