cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97

Analysis

max time kernel
118s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
Size

468KB
MD5

6349fd26c7324a95107a004c3a2e9f30
SHA1

e93bedde333fd462e116cf5a274f76480c6375f5
SHA256

cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97
SHA512

986a9e4bd185dfe4e3ebd44fce91d3945dd23e48df0b2212bb925e64ce6d4ac7e1f4f711212281cdd432e9ca415868bf86377f26730321b62e5d8a9c11664d78
SSDEEP

3072:96+Co3kOIV3KtbYUPzcXNfT/rChfPIpvn1HhRVLis0Gp62pNSjlW:96Toq9KtnP4XNfq0n6s0eRpNS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2072	Unicorn-24392.exe
276	Unicorn-21507.exe
2204	Unicorn-1641.exe
3064	Unicorn-50946.exe
2832	Unicorn-43332.exe
2816	Unicorn-61152.exe
2688	Unicorn-63198.exe
2636	Unicorn-39016.exe
2592	Unicorn-28470.exe
2284	Unicorn-52420.exe
1784	Unicorn-60323.exe
280	Unicorn-64672.exe
1832	Unicorn-3219.exe
2344	Unicorn-62818.exe
2364	Unicorn-49083.exe
1700	Unicorn-62015.exe
2464	Unicorn-32851.exe
2224	Unicorn-34888.exe
1408	Unicorn-49742.exe
2052	Unicorn-12238.exe
1540	Unicorn-33043.exe
2940	Unicorn-24112.exe
2668	Unicorn-29513.exe
1160	Unicorn-53463.exe
536	Unicorn-49934.exe
1696	Unicorn-8346.exe
316	Unicorn-8346.exe
1964	Unicorn-34003.exe
772	Unicorn-41906.exe
1692	Unicorn-36041.exe
3052	Unicorn-46810.exe
2948	Unicorn-9965.exe
2448	Unicorn-22388.exe
2900	Unicorn-62674.exe
2272	Unicorn-10328.exe
1628	Unicorn-5544.exe
2264	Unicorn-35071.exe
2288	Unicorn-9820.exe
2772	Unicorn-48231.exe
2780	Unicorn-54361.exe
2712	Unicorn-42663.exe
2704	Unicorn-5715.exe
2604	Unicorn-25581.exe
2012	Unicorn-56591.exe
1436	Unicorn-17605.exe
1668	Unicorn-57676.exe
1828	Unicorn-26327.exe
2008	Unicorn-50277.exe
2276	Unicorn-50277.exe
3044	Unicorn-24686.exe
1656	Unicorn-30817.exe
1068	Unicorn-10951.exe
1404	Unicorn-55705.exe
2856	Unicorn-59027.exe
1556	Unicorn-2420.exe
1776	Unicorn-18757.exe
784	Unicorn-30744.exe
1416	Unicorn-53083.exe
2168	Unicorn-17915.exe
844	Unicorn-22265.exe
1600	Unicorn-841.exe
1264	Unicorn-841.exe
344	Unicorn-52643.exe
1840	Unicorn-52643.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2072	Unicorn-24392.exe
2072	Unicorn-24392.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
276	Unicorn-21507.exe
276	Unicorn-21507.exe
2072	Unicorn-24392.exe
2072	Unicorn-24392.exe
2204	Unicorn-1641.exe
2204	Unicorn-1641.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
3064	Unicorn-50946.exe
3064	Unicorn-50946.exe
276	Unicorn-21507.exe
276	Unicorn-21507.exe
2816	Unicorn-61152.exe
2816	Unicorn-61152.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2688	Unicorn-63198.exe
2688	Unicorn-63198.exe
2832	Unicorn-43332.exe
2832	Unicorn-43332.exe
2204	Unicorn-1641.exe
2072	Unicorn-24392.exe
2204	Unicorn-1641.exe
2072	Unicorn-24392.exe
2592	Unicorn-28470.exe
2592	Unicorn-28470.exe
2636	Unicorn-39016.exe
2636	Unicorn-39016.exe
276	Unicorn-21507.exe
276	Unicorn-21507.exe
3064	Unicorn-50946.exe
3064	Unicorn-50946.exe
1784	Unicorn-60323.exe
1784	Unicorn-60323.exe
2284	Unicorn-52420.exe
2284	Unicorn-52420.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2816	Unicorn-61152.exe
2816	Unicorn-61152.exe
1832	Unicorn-3219.exe
1832	Unicorn-3219.exe
2832	Unicorn-43332.exe
2832	Unicorn-43332.exe
2344	Unicorn-62818.exe
2364	Unicorn-49083.exe
2344	Unicorn-62818.exe
2364	Unicorn-49083.exe
280	Unicorn-64672.exe
280	Unicorn-64672.exe
2072	Unicorn-24392.exe
2072	Unicorn-24392.exe
2204	Unicorn-1641.exe
2204	Unicorn-1641.exe
2688	Unicorn-63198.exe
2688	Unicorn-63198.exe
1700	Unicorn-62015.exe
1700	Unicorn-62015.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2764	2940	WerFault.exe	51
956	2868	WerFault.exe	169
5464	1212	WerFault.exe	141
6384	992	WerFault.exe	139

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31624.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
2072	Unicorn-24392.exe
276	Unicorn-21507.exe
2204	Unicorn-1641.exe
3064	Unicorn-50946.exe
2832	Unicorn-43332.exe
2816	Unicorn-61152.exe
2688	Unicorn-63198.exe
2592	Unicorn-28470.exe
2636	Unicorn-39016.exe
2284	Unicorn-52420.exe
1784	Unicorn-60323.exe
280	Unicorn-64672.exe
1832	Unicorn-3219.exe
2364	Unicorn-49083.exe
2344	Unicorn-62818.exe
1700	Unicorn-62015.exe
2464	Unicorn-32851.exe
2052	Unicorn-12238.exe
1408	Unicorn-49742.exe
2668	Unicorn-29513.exe
2224	Unicorn-34888.exe
2940	Unicorn-24112.exe
1540	Unicorn-33043.exe
1160	Unicorn-53463.exe
536	Unicorn-49934.exe
316	Unicorn-8346.exe
1696	Unicorn-8346.exe
1964	Unicorn-34003.exe
772	Unicorn-41906.exe
1692	Unicorn-36041.exe
3052	Unicorn-46810.exe
2948	Unicorn-9965.exe
2448	Unicorn-22388.exe
2900	Unicorn-62674.exe
2272	Unicorn-10328.exe
1628	Unicorn-5544.exe
2264	Unicorn-35071.exe
2288	Unicorn-9820.exe
2772	Unicorn-48231.exe
2780	Unicorn-54361.exe
2712	Unicorn-42663.exe
2012	Unicorn-56591.exe
2704	Unicorn-5715.exe
2604	Unicorn-25581.exe
1436	Unicorn-17605.exe
1668	Unicorn-57676.exe
1828	Unicorn-26327.exe
2008	Unicorn-50277.exe
2276	Unicorn-50277.exe
3044	Unicorn-24686.exe
1068	Unicorn-10951.exe
1656	Unicorn-30817.exe
1404	Unicorn-55705.exe
1556	Unicorn-2420.exe
2856	Unicorn-59027.exe
1776	Unicorn-18757.exe
784	Unicorn-30744.exe
1416	Unicorn-53083.exe
2168	Unicorn-17915.exe
844	Unicorn-22265.exe
2032	Unicorn-6971.exe
1840	Unicorn-52643.exe
324	Unicorn-6971.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2072	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	30
PID 2380 wrote to memory of 2072	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	30
PID 2380 wrote to memory of 2072	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	30
PID 2380 wrote to memory of 2072	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	30
PID 2072 wrote to memory of 276	2072	Unicorn-24392.exe	31
PID 2072 wrote to memory of 276	2072	Unicorn-24392.exe	31
PID 2072 wrote to memory of 276	2072	Unicorn-24392.exe	31
PID 2072 wrote to memory of 276	2072	Unicorn-24392.exe	31
PID 2380 wrote to memory of 2204	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	32
PID 2380 wrote to memory of 2204	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	32
PID 2380 wrote to memory of 2204	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	32
PID 2380 wrote to memory of 2204	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	32
PID 276 wrote to memory of 3064	276	Unicorn-21507.exe	33
PID 276 wrote to memory of 3064	276	Unicorn-21507.exe	33
PID 276 wrote to memory of 3064	276	Unicorn-21507.exe	33
PID 276 wrote to memory of 3064	276	Unicorn-21507.exe	33
PID 2072 wrote to memory of 2832	2072	Unicorn-24392.exe	34
PID 2072 wrote to memory of 2832	2072	Unicorn-24392.exe	34
PID 2072 wrote to memory of 2832	2072	Unicorn-24392.exe	34
PID 2072 wrote to memory of 2832	2072	Unicorn-24392.exe	34
PID 2204 wrote to memory of 2688	2204	Unicorn-1641.exe	35
PID 2204 wrote to memory of 2688	2204	Unicorn-1641.exe	35
PID 2204 wrote to memory of 2688	2204	Unicorn-1641.exe	35
PID 2204 wrote to memory of 2688	2204	Unicorn-1641.exe	35
PID 2380 wrote to memory of 2816	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	36
PID 2380 wrote to memory of 2816	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	36
PID 2380 wrote to memory of 2816	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	36
PID 2380 wrote to memory of 2816	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	36
PID 3064 wrote to memory of 2636	3064	Unicorn-50946.exe	37
PID 3064 wrote to memory of 2636	3064	Unicorn-50946.exe	37
PID 3064 wrote to memory of 2636	3064	Unicorn-50946.exe	37
PID 3064 wrote to memory of 2636	3064	Unicorn-50946.exe	37
PID 276 wrote to memory of 2592	276	Unicorn-21507.exe	38
PID 276 wrote to memory of 2592	276	Unicorn-21507.exe	38
PID 276 wrote to memory of 2592	276	Unicorn-21507.exe	38
PID 276 wrote to memory of 2592	276	Unicorn-21507.exe	38
PID 2816 wrote to memory of 2284	2816	Unicorn-61152.exe	39
PID 2816 wrote to memory of 2284	2816	Unicorn-61152.exe	39
PID 2816 wrote to memory of 2284	2816	Unicorn-61152.exe	39
PID 2816 wrote to memory of 2284	2816	Unicorn-61152.exe	39
PID 2380 wrote to memory of 1784	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	40
PID 2380 wrote to memory of 1784	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	40
PID 2380 wrote to memory of 1784	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	40
PID 2380 wrote to memory of 1784	2380	cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe	40
PID 2688 wrote to memory of 280	2688	Unicorn-63198.exe	41
PID 2688 wrote to memory of 280	2688	Unicorn-63198.exe	41
PID 2688 wrote to memory of 280	2688	Unicorn-63198.exe	41
PID 2688 wrote to memory of 280	2688	Unicorn-63198.exe	41
PID 2832 wrote to memory of 1832	2832	Unicorn-43332.exe	42
PID 2832 wrote to memory of 1832	2832	Unicorn-43332.exe	42
PID 2832 wrote to memory of 1832	2832	Unicorn-43332.exe	42
PID 2832 wrote to memory of 1832	2832	Unicorn-43332.exe	42
PID 2204 wrote to memory of 2364	2204	Unicorn-1641.exe	43
PID 2204 wrote to memory of 2364	2204	Unicorn-1641.exe	43
PID 2204 wrote to memory of 2364	2204	Unicorn-1641.exe	43
PID 2204 wrote to memory of 2364	2204	Unicorn-1641.exe	43
PID 2072 wrote to memory of 2344	2072	Unicorn-24392.exe	44
PID 2072 wrote to memory of 2344	2072	Unicorn-24392.exe	44
PID 2072 wrote to memory of 2344	2072	Unicorn-24392.exe	44
PID 2072 wrote to memory of 2344	2072	Unicorn-24392.exe	44
PID 2592 wrote to memory of 1700	2592	Unicorn-28470.exe	45
PID 2592 wrote to memory of 1700	2592	Unicorn-28470.exe	45
PID 2592 wrote to memory of 1700	2592	Unicorn-28470.exe	45
PID 2592 wrote to memory of 1700	2592	Unicorn-28470.exe	45

C:\Users\Admin\AppData\Local\Temp\cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe
"C:\Users\Admin\AppData\Local\Temp\cf7350f24346249d4f268bfede76bbb7e773613139d3f5cf1828a4487de8db97N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        9⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        10⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        8⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 188
        9⤵
        Program crash
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58385.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30983.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54568.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        7⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        6⤵
        Executes dropped EXE
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        7⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        6⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        8⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        7⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        7⤵
        Program crash
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        6⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
        6⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        7⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        6⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11895.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        5⤵
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        7⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54079.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7757.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37755.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13027.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        7⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        6⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        6⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        5⤵
        Executes dropped EXE
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43484.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        6⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        5⤵
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
        6⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        5⤵
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        9⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39207.exe
        7⤵
        
        PID:992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        8⤵
        Program crash
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        7⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        7⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        6⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        6⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        6⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
        5⤵
        
        PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
      4⤵
      PID:6396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        6⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        5⤵
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        5⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        5⤵
        
        PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
      4⤵
      PID:7376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        5⤵
        
        PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
      4⤵
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
      4⤵
      PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
      4⤵
      PID:6948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
      4⤵
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      4⤵
      PID:7188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
    3⤵
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
      4⤵
      PID:7348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
    3⤵
    PID:5636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
    3⤵
    PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        7⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
        7⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        6⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        6⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        6⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65417.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        6⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        5⤵
        
        PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        7⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        6⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        6⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53083.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        5⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        5⤵
        
        PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        6⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        6⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        5⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
      4⤵
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        5⤵
        
        PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35721.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
      4⤵
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
      4⤵
      PID:7072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
    3⤵
    PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      4⤵
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
      4⤵
      PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
    3⤵
    PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
    3⤵
    PID:6508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
    3⤵
    PID:7916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        7⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        6⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        6⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40451.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        5⤵
        
        PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
      4⤵
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5710.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
      4⤵
      PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      4⤵
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
      4⤵
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
      4⤵
      PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
      4⤵
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
    3⤵
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
    3⤵
    PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
    3⤵
    PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        5⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53487.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        5⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
      4⤵
      PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
      4⤵
      PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
      4⤵
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20780.exe
      4⤵
      PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
      4⤵
      PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
      4⤵
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
      4⤵
      PID:6196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
    3⤵
    PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
    3⤵
    PID:5148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
    3⤵
    PID:8152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
    3⤵
    - Program crash
    PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57676.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
    3⤵
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
      4⤵
      PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
    3⤵
    PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
  2⤵
  PID:236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
    3⤵
    PID:5124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
    3⤵
    PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
  2⤵
  PID:4364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
  2⤵
  PID:5796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
  2⤵
  PID:6872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
  2⤵
  PID:7388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe

Filesize
468KB

MD5
a6222cc0272cd19ddb9c56368d42334c

SHA1
d376aa0aa500e19c1fc11ef3e21eb1cad2cb8af4

SHA256
897256ca736c9a8f7930e18335cbf59aae43b2fb3f0540ac6e16abc438aa1229

SHA512
b7987ce8adaf6cbd901ca859103e4f2ec75344b450892652ea82b6e23e92b099274e9fdd6187b30ef5d6cdb06ca50928de8ca8392b00a0e476ba454d6683106a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe

Filesize
468KB

MD5
aea480cd8eb8dd01fe5493cc91554ffc

SHA1
5cbb54b578fe239d521d32602519abefc655ac4d

SHA256
285691b7bdb07bdb84df68bb9f255209e30b9d0da9b2670d8103ca2b5bc3875b

SHA512
d810e6c3971bb1a981de916a686ffb050d4fd7c4fc8b2c48391c86bf3e46f8c4a9f3fbb7dc722c63be06b743ddc182b245c37a510853077c06e1c1cf3ebfb0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe

Filesize
468KB

MD5
8a6bcbb6d23e179bdc7f5c2b183f348c

SHA1
4bace26ba7224ee55f899d4a4de06a3b96833d6f

SHA256
3db82c1fc54b877777afdba951b91c286d407bd2b29119f70be0ae4684aadb26

SHA512
1cddf63043e6465e8e023eb4ab32f2307997b8f6a52e5ae72ee448335cab2137c509ebf395b0bde60a7780d332d389de88a43f4520ec011bb7001dbff896cdba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe

Filesize
468KB

MD5
f7d0e271779d9f508a4da0f5e378a299

SHA1
490a8b0f887df46ae9aaf22e90cd68425168f975

SHA256
d22e753f8f797649d9bb7e8386972c8badcc04803f39d8345c8c2565f698753a

SHA512
c55461bd8ce3033bbfb49169499c83dd66c682c8298d2e3a680a1ec3bfee35a6a2dc78938383c78cd4de0ffc13337eb155d25ba14fa37bf3d2ca7caeec406ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe

Filesize
468KB

MD5
85f1b061a3910d7a89b1904bccd92ce7

SHA1
c2d1179c8c4d33748ca89efeca465dd593fc80e6

SHA256
c2118ac01c891d0e7931c56e59076950038b885e534bbec4b563a389cb9a1b55

SHA512
de382d2b33c72512fb51996823780f9fa686c415ef36c6629bc2125772b8d27e908c41aabc1def23760ff47a72a61493b8746e7c3fad0421b2696b04d82bdf82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe

Filesize
468KB

MD5
b12c4ed29129623c060bfa1ded9f981f

SHA1
6aa07d79e020972eb29f6da4be9b00a49311458e

SHA256
b1789229cdc6ad5459f695bc834a8db134647facbfc5b26afa3bc6c1943ffc73

SHA512
7ba0464610951f4749a2fa7a5b68841c79b6ca9b167d3e3423fd0769da6ce7e5ec7c4295ef2510c13e80bd31ab3b02846b99cb958d5b52ac35c1b022557cc160

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe

Filesize
468KB

MD5
b46841954313e563e82c209beaef0cac

SHA1
676613a3f5c4eadcbe68d3d6765cb6227e2735b0

SHA256
70853785e6047a1d53195aa7f8df7951a842087d4aacaaeb729b428384cbc8d8

SHA512
5fe1bd6f05c8b34028428da84a2b36dbb49650242577a6cb4ff0d4359a026bbec6b55a05b27948e175f95f4c7d94a74fba60196e88fc7a528fbedab5d46ba7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe

Filesize
468KB

MD5
eea8b48a0db6e7514a07b5933ea67e82

SHA1
2e92fdbcacaa2d0f1b695b2a86c23d8d5273d187

SHA256
c6e4e340da2d862efd23c6b74df85a4f22b55f160e85538bc049fb0487969028

SHA512
9a3a48db5d3698d50b3b35114bc83ece86556b3a02c63465424bd6e805bccbd5e033f0ef1031f27bf36cfe5d8330909f89dced7dd30fa88c14a9ca0460305278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe

Filesize
468KB

MD5
79840af7689ad9520a360c46df4bb25f

SHA1
0c986d9b97e7bc7b10707f8c10db5588cc0771fc

SHA256
4ecd868719aafa9536beeb1dd08c4a343e1f8b94172105a974fec04556b478f6

SHA512
2b1fe9f0be26c0a14269d0f23d5bf6fc84c4e03bbbaf19f9bfc4d24b231cab2cc241b47056569b9467f6d3f64eda73cc28151945a4e66555e90b94e315f46717

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe

Filesize
468KB

MD5
126464aaee9edbbe670e42e3f3cecf34

SHA1
0519774915ce77ad72d3bbee16f478feb74e1eff

SHA256
909186222b6b66cb0f2b671ede0490dc658595fe27011a51f327d90dc745fd6f

SHA512
96ed627f2593f26a7c9e11988bbf63528b71d6c8df9166e51e0d13ffb4e6ede3a1e65d8bf35cd46b8048f8647738d796f61773c279e76f8fa111a1c9e6e7307c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe

Filesize
468KB

MD5
f2186fd20cb399cc274c1b5113d808fc

SHA1
1a5e49fba3353b1d550f673fd7a101a1736506f6

SHA256
bdde20acfffb986ccbf4693cf9f9d56b5a86b50c0e3efd4e6bbcd81e2df799c5

SHA512
2dd0181c50f2667746a6f29d9b691c2fcac5a9410ad71f13dd63a63524c994309055fea5f0e366db9885c6a8fb294fddc537a5507c0b9af5979d84cba28ea136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe

Filesize
468KB

MD5
8296decb2143d866e87764e4d166f6f1

SHA1
f47f45201a81a263d3f13fb0a1184b26a2cddc0b

SHA256
efd1cac9417b83cd79d3ddb37376a02bb5c21dbced9cb03dc7982b4d6d0a8654

SHA512
9236ef4316205638f97e44612e6519406d650790c3a5a033023cc8eb73965b2e7c17ca451f8ab4007f30bbb911280cc9932086e7193345c7e4c905c0f4f2b336

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe

Filesize
468KB

MD5
33332a21cc7b363907688dc1fcb7ae33

SHA1
1696c39cf5dff94446b2ef5fccdd325d8771ce13

SHA256
6f2ff4072ef277b463a86748ddc59f2dabd3b3979e42835f7823168d3896d99b

SHA512
33c63d8c696e475f36f3810472035f32bef32e4924ff4afbcde3624bedc62c278389f315b9f54872902a9dd2b4afa8d76ef6ac6e479ed4b08d06f6fe82508af1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe

Filesize
468KB

MD5
04e543465764758c1162f3497374d1a2

SHA1
66c9835b93ae821daabfba7d2e3ccbb932cda046

SHA256
9c063c573c2ed916ad2d6f2248c9d941570e237aaa1058769bb716635a24a33e

SHA512
d86c2dd7d15b7d147f2cf63dd48ab90fb267d3d7064e07ea69e86426f7895681da8d8712f698671b679cb59711c127f95852929466abd287e64e551a65372329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe

Filesize
468KB

MD5
4c349db1ffd3c91c8a465c7722c6d323

SHA1
de9a82ffe361dcb8e8dc420d2537cd91db12224d

SHA256
1fb2aec05c8d31a9b3c7661cc3f88aaab102e83e5d381717c545ee631ac01a87

SHA512
5362af8a9556ee07e47b5df27b7597dba34caab1dd4baf3e2d3decb1ce8ff79935a05f98c2dc7251eaf90d8c8a875f4b2c84f77c6ad9b17a221cf790cd3a5ee4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe

Filesize
468KB

MD5
44b139af5637d417f597dd4d42d4164f

SHA1
0c744313028b88bc45934548649cd3119ac3e99f

SHA256
fc7876477708fd423a10b12ac89cc3cf9b77b6d2e00aade05280f245fabc5edf

SHA512
33b6c503b0a6560b8d7dc390abd053585aea5aec9e41ab2d7f13d3ea2340c42e496bd9722955c56f858b2d6ee28eaa31e168b671cf2e261d727e480bb114944b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe

Filesize
468KB

MD5
ce407673982b91507715c32f98f1890e

SHA1
bc96b950097496c331beb8da2a93f174e216828b

SHA256
a6701981453ed2988f77b2f099d8e0f5a7a142e63932a3cde58ae83bc0021181

SHA512
35a9d5c41b85eea9549b4cecdf6a54346ba985f493e5831d64873d624b261c31842ddd5cc30955bb91dbe434d5d9afc902e778c81a30303a05b9ef50a8ba3134

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe

Filesize
468KB

MD5
46b5dc6124b4f0f4838a9d79a12fa122

SHA1
4406ca2080ed18084d749f85838b8c0544825e8a

SHA256
d98c43f0c4872713fd5eb2b74ca19d5177c5d3a89ffc8376cead1c0567b194ff

SHA512
76264b465ea4c5c1dc516157be3f4e44e1bdbac42d3b798d8af1990e0e6daaad1427569033ae808e77d89293962b815023b086eab6701904f6617682f18e1a8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49083.exe

Filesize
468KB

MD5
dfa02b944ddb7a2ce1ce18452a8864b9

SHA1
ac7614174c77d1f44f2108a082568356b2d00673

SHA256
de0599f356d4842b45c1e9a7085ebd79fdf95e9905a4abf2d2856e07ade73fba

SHA512
103c55a9b0db83b4b19509ee1424fbbfc11fa3620a5885681155b021a92af966a9a00bdf1468dce37c67761737b2ccf1db9c8fee51dafeec4973b8b1b0fc537d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe

Filesize
468KB

MD5
3713443bb8660fc58f461e5271b35ec1

SHA1
85b45f3f1cece261168202ce6df4af1113d2472e

SHA256
acb82a149e8aa2c8fa14a5947e516212e9d42d42ed400c026e9873a6a818d016

SHA512
02011eadaa2f7c290f509b346dd687478cfe23e4b6f8e5f74b13b7cc99551c433f329105ebc07511c695105ed54d74010fad2391793c23cea3f0e268669c3c39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe

Filesize
468KB

MD5
6a68a75364c98fb3cd95ddef79935d6f

SHA1
e4a4a2bc6c24985a1cba6b78a3846d86427ac4ed

SHA256
3ef73ede296a116b6c6b3b801879844e9d4d65fd1a6d6f46e1ffb7e5ec961841

SHA512
10e65bd2cac4b97fcf893da9da8a7327dfadecc6e38356528d0062e3c7e7b2362bf8302543c3bb8b332f70e5b1f1088a8164e1e8fe980866b84cb3d070d2c1d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe

Filesize
468KB

MD5
dac9b07381aff2b11c39979d3cb8c670

SHA1
87722e27687d9a4fbcf495916b7c250c15e6a97c

SHA256
e905e00e769def96bf947e5a01c1d11af94097037b9849ff5f0439c6c896f173

SHA512
8c4b411df0da7cfe0caff2770d17c7e65f4074a8369fc0ef2e7aff856e7dc003d7a0c6bd10dae3b9c24779391043965aa352985ae96b22704e945234b81e9fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe

Filesize
468KB

MD5
72ca7a1d05066cb37a3330cdd5e88bc9

SHA1
19609d9ddbd00e75a2ffe8521fba94eeebc0aefd

SHA256
b3dc17835aeeb6eaa6b3a177130eb5592f4b1edb632f1b2413c165b60baa7643

SHA512
f573256e730de354ea0363e3fc96f7039ec2437815f67a84934109cf8cf89424d026d0d3899cd8fd342592e5097ce48d73562fb649bcec3791fa2f1ef1a5a7d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe

Filesize
468KB

MD5
210d661b738054adc5856c75837a39e4

SHA1
50fec55acbc9f93a39718cd9672494cebeab9046

SHA256
87aabfb1084f542cabd850d49573dad97417c2ce1f22fd040e138506be7df224

SHA512
efaa91e90ec6e98c6edd48f4122f43f7f54199fba1650298f78bb43b0c7ed2ab17df51841e70004f61828672a47e550fc274b7c2b91cfef4972c76eaf6ee3870

Download Submit