c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060

Analysis

max time kernel
147s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
Size

468KB
MD5

15cbe8d8373e514e6eb438b714a130e9
SHA1

b1f91dec62c43ec42eea03e317d79df81cec4883
SHA256

c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060
SHA512

1b777dad19044e2ded90444de5c2909670a684fa44a4eb70dfdaf7b27587b0453b03da05d45f8f34f161f49f580cffc07efe8b2e5debb12b42fd290c0010757c
SSDEEP

3072:VbFRouJERqMBtgHKPzYjqf8IgCnHRnp5nmHh9odHAxLcrcJWY1E4:Vb/o//BtLPEjqfNpIAAxIgJWY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2960	Unicorn-8472.exe
2980	Unicorn-34695.exe
2756	Unicorn-47502.exe
2668	Unicorn-19672.exe
2160	Unicorn-48815.exe
2176	Unicorn-35816.exe
1036	Unicorn-20674.exe
1784	Unicorn-9368.exe
2708	Unicorn-24287.exe
2356	Unicorn-44454.exe
2060	Unicorn-27734.exe
2112	Unicorn-21603.exe
1244	Unicorn-60406.exe
1856	Unicorn-60141.exe
2892	Unicorn-43914.exe
1796	Unicorn-30416.exe
1440	Unicorn-10873.exe
2456	Unicorn-60296.exe
2556	Unicorn-889.exe
1912	Unicorn-4563.exe
812	Unicorn-2762.exe
1884	Unicorn-6483.exe
984	Unicorn-23505.exe
1624	Unicorn-3639.exe
1864	Unicorn-52264.exe
1544	Unicorn-5523.exe
744	Unicorn-21786.exe
604	Unicorn-22052.exe
1520	Unicorn-55793.exe
2148	Unicorn-12737.exe
1656	Unicorn-15537.exe
1512	Unicorn-19691.exe
2560	Unicorn-13861.exe
2132	Unicorn-5767.exe
1728	Unicorn-55461.exe
2924	Unicorn-35595.exe
2828	Unicorn-5803.exe
2800	Unicorn-6068.exe
2968	Unicorn-34526.exe
2732	Unicorn-38933.exe
2712	Unicorn-2347.exe
2172	Unicorn-46354.exe
1480	Unicorn-38771.exe
1540	Unicorn-13956.exe
2260	Unicorn-58205.exe
2204	Unicorn-14942.exe
2220	Unicorn-13032.exe
2020	Unicorn-32898.exe
1840	Unicorn-30629.exe
1920	Unicorn-1294.exe
860	Unicorn-17247.exe
844	Unicorn-7548.exe
1304	Unicorn-16479.exe
1428	Unicorn-32815.exe
1836	Unicorn-31973.exe
2212	Unicorn-13529.exe
2232	Unicorn-9269.exe
2500	Unicorn-34735.exe
1664	Unicorn-15746.exe
1528	Unicorn-51948.exe
1376	Unicorn-6447.exe
1552	Unicorn-26313.exe
1756	Unicorn-24979.exe
832	Unicorn-58985.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2960	Unicorn-8472.exe
2960	Unicorn-8472.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2980	Unicorn-34695.exe
2980	Unicorn-34695.exe
2960	Unicorn-8472.exe
2756	Unicorn-47502.exe
2960	Unicorn-8472.exe
2756	Unicorn-47502.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2668	Unicorn-19672.exe
2668	Unicorn-19672.exe
2980	Unicorn-34695.exe
2980	Unicorn-34695.exe
2160	Unicorn-48815.exe
2160	Unicorn-48815.exe
1036	Unicorn-20674.exe
2960	Unicorn-8472.exe
1036	Unicorn-20674.exe
2960	Unicorn-8472.exe
2176	Unicorn-35816.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2176	Unicorn-35816.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2756	Unicorn-47502.exe
2756	Unicorn-47502.exe
1784	Unicorn-9368.exe
2668	Unicorn-19672.exe
2668	Unicorn-19672.exe
1784	Unicorn-9368.exe
2980	Unicorn-34695.exe
2708	Unicorn-24287.exe
2980	Unicorn-34695.exe
2708	Unicorn-24287.exe
2060	Unicorn-27734.exe
2060	Unicorn-27734.exe
1036	Unicorn-20674.exe
1036	Unicorn-20674.exe
1244	Unicorn-60406.exe
1244	Unicorn-60406.exe
2356	Unicorn-44454.exe
2356	Unicorn-44454.exe
2176	Unicorn-35816.exe
2176	Unicorn-35816.exe
2160	Unicorn-48815.exe
2160	Unicorn-48815.exe
2112	Unicorn-21603.exe
2112	Unicorn-21603.exe
2960	Unicorn-8472.exe
2960	Unicorn-8472.exe
1856	Unicorn-60141.exe
1856	Unicorn-60141.exe
2892	Unicorn-43914.exe
2892	Unicorn-43914.exe
2756	Unicorn-47502.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2756	Unicorn-47502.exe
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
1796	Unicorn-30416.exe
1796	Unicorn-30416.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2908	2800	WerFault.exe	66
1476	2444	WerFault.exe	107

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27244.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
2960	Unicorn-8472.exe
2980	Unicorn-34695.exe
2756	Unicorn-47502.exe
2668	Unicorn-19672.exe
2160	Unicorn-48815.exe
1036	Unicorn-20674.exe
2176	Unicorn-35816.exe
1784	Unicorn-9368.exe
2708	Unicorn-24287.exe
2060	Unicorn-27734.exe
2112	Unicorn-21603.exe
2356	Unicorn-44454.exe
1244	Unicorn-60406.exe
1856	Unicorn-60141.exe
2892	Unicorn-43914.exe
1796	Unicorn-30416.exe
2556	Unicorn-889.exe
1440	Unicorn-10873.exe
2456	Unicorn-60296.exe
1912	Unicorn-4563.exe
812	Unicorn-2762.exe
1884	Unicorn-6483.exe
1864	Unicorn-52264.exe
984	Unicorn-23505.exe
1624	Unicorn-3639.exe
1544	Unicorn-5523.exe
744	Unicorn-21786.exe
1520	Unicorn-55793.exe
604	Unicorn-22052.exe
2148	Unicorn-12737.exe
1656	Unicorn-15537.exe
1512	Unicorn-19691.exe
2560	Unicorn-13861.exe
2132	Unicorn-5767.exe
1728	Unicorn-55461.exe
2924	Unicorn-35595.exe
2828	Unicorn-5803.exe
2800	Unicorn-6068.exe
2968	Unicorn-34526.exe
2732	Unicorn-38933.exe
2712	Unicorn-2347.exe
2172	Unicorn-46354.exe
1480	Unicorn-38771.exe
1540	Unicorn-13956.exe
2204	Unicorn-14942.exe
2260	Unicorn-58205.exe
2020	Unicorn-32898.exe
2220	Unicorn-13032.exe
1920	Unicorn-1294.exe
1840	Unicorn-30629.exe
860	Unicorn-17247.exe
844	Unicorn-7548.exe
1304	Unicorn-16479.exe
1428	Unicorn-32815.exe
2212	Unicorn-13529.exe
1836	Unicorn-31973.exe
2232	Unicorn-9269.exe
2500	Unicorn-34735.exe
1664	Unicorn-15746.exe
1528	Unicorn-51948.exe
1552	Unicorn-26313.exe
1376	Unicorn-6447.exe
1756	Unicorn-24979.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2960	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	30
PID 2816 wrote to memory of 2960	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	30
PID 2816 wrote to memory of 2960	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	30
PID 2816 wrote to memory of 2960	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	30
PID 2960 wrote to memory of 2980	2960	Unicorn-8472.exe	31
PID 2960 wrote to memory of 2980	2960	Unicorn-8472.exe	31
PID 2960 wrote to memory of 2980	2960	Unicorn-8472.exe	31
PID 2960 wrote to memory of 2980	2960	Unicorn-8472.exe	31
PID 2816 wrote to memory of 2756	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	32
PID 2816 wrote to memory of 2756	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	32
PID 2816 wrote to memory of 2756	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	32
PID 2816 wrote to memory of 2756	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	32
PID 2980 wrote to memory of 2668	2980	Unicorn-34695.exe	33
PID 2980 wrote to memory of 2668	2980	Unicorn-34695.exe	33
PID 2980 wrote to memory of 2668	2980	Unicorn-34695.exe	33
PID 2980 wrote to memory of 2668	2980	Unicorn-34695.exe	33
PID 2960 wrote to memory of 2160	2960	Unicorn-8472.exe	34
PID 2960 wrote to memory of 2160	2960	Unicorn-8472.exe	34
PID 2960 wrote to memory of 2160	2960	Unicorn-8472.exe	34
PID 2960 wrote to memory of 2160	2960	Unicorn-8472.exe	34
PID 2756 wrote to memory of 2176	2756	Unicorn-47502.exe	35
PID 2756 wrote to memory of 2176	2756	Unicorn-47502.exe	35
PID 2756 wrote to memory of 2176	2756	Unicorn-47502.exe	35
PID 2756 wrote to memory of 2176	2756	Unicorn-47502.exe	35
PID 2816 wrote to memory of 1036	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	36
PID 2816 wrote to memory of 1036	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	36
PID 2816 wrote to memory of 1036	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	36
PID 2816 wrote to memory of 1036	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	36
PID 2668 wrote to memory of 1784	2668	Unicorn-19672.exe	37
PID 2668 wrote to memory of 1784	2668	Unicorn-19672.exe	37
PID 2668 wrote to memory of 1784	2668	Unicorn-19672.exe	37
PID 2668 wrote to memory of 1784	2668	Unicorn-19672.exe	37
PID 2980 wrote to memory of 2708	2980	Unicorn-34695.exe	38
PID 2980 wrote to memory of 2708	2980	Unicorn-34695.exe	38
PID 2980 wrote to memory of 2708	2980	Unicorn-34695.exe	38
PID 2980 wrote to memory of 2708	2980	Unicorn-34695.exe	38
PID 2160 wrote to memory of 2356	2160	Unicorn-48815.exe	39
PID 2160 wrote to memory of 2356	2160	Unicorn-48815.exe	39
PID 2160 wrote to memory of 2356	2160	Unicorn-48815.exe	39
PID 2160 wrote to memory of 2356	2160	Unicorn-48815.exe	39
PID 1036 wrote to memory of 2060	1036	Unicorn-20674.exe	40
PID 1036 wrote to memory of 2060	1036	Unicorn-20674.exe	40
PID 1036 wrote to memory of 2060	1036	Unicorn-20674.exe	40
PID 1036 wrote to memory of 2060	1036	Unicorn-20674.exe	40
PID 2960 wrote to memory of 2112	2960	Unicorn-8472.exe	41
PID 2960 wrote to memory of 2112	2960	Unicorn-8472.exe	41
PID 2960 wrote to memory of 2112	2960	Unicorn-8472.exe	41
PID 2960 wrote to memory of 2112	2960	Unicorn-8472.exe	41
PID 2176 wrote to memory of 1244	2176	Unicorn-35816.exe	42
PID 2176 wrote to memory of 1244	2176	Unicorn-35816.exe	42
PID 2816 wrote to memory of 1856	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	43
PID 2176 wrote to memory of 1244	2176	Unicorn-35816.exe	42
PID 2176 wrote to memory of 1244	2176	Unicorn-35816.exe	42
PID 2816 wrote to memory of 1856	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	43
PID 2816 wrote to memory of 1856	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	43
PID 2816 wrote to memory of 1856	2816	c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe	43
PID 2756 wrote to memory of 2892	2756	Unicorn-47502.exe	44
PID 2756 wrote to memory of 2892	2756	Unicorn-47502.exe	44
PID 2756 wrote to memory of 2892	2756	Unicorn-47502.exe	44
PID 2756 wrote to memory of 2892	2756	Unicorn-47502.exe	44
PID 2668 wrote to memory of 1796	2668	Unicorn-19672.exe	46
PID 2668 wrote to memory of 1796	2668	Unicorn-19672.exe	46
PID 2668 wrote to memory of 1796	2668	Unicorn-19672.exe	46
PID 2668 wrote to memory of 1796	2668	Unicorn-19672.exe	46

C:\Users\Admin\AppData\Local\Temp\c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe
"C:\Users\Admin\AppData\Local\Temp\c5b2853d5435a2023209216778390912ca111d1def79bb1946f7fa2373598060.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 200
        8⤵
        Program crash
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40412.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        6⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58985.exe
        7⤵
        Executes dropped EXE
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        7⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        7⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43780.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        6⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        5⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        6⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        7⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        5⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        7⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        5⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9765.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48581.exe
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
      4⤵
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15258.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        6⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        6⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        5⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25913.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        5⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        5⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        5⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      4⤵
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        7⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        6⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24560.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        6⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4526.exe
        6⤵
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
      4⤵
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
      4⤵
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        5⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      4⤵
      PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      4⤵
      PID:7072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
      4⤵
      PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
      4⤵
      PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      4⤵
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      4⤵
      PID:7004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
    3⤵
    PID:3984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
    3⤵
    PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
    3⤵
    PID:6508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        5⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        5⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        6⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
      4⤵
      PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6979.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        5⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        5⤵
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19261.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        6⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
      4⤵
      PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        6⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
      4⤵
      PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      4⤵
      PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
      4⤵
      PID:6376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
      4⤵
      PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
      4⤵
      PID:6176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
    3⤵
    PID:4484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
    3⤵
    PID:6560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9779.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        5⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13193.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        5⤵
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2347.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        5⤵
        
        PID:2444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 188
        6⤵
        Program crash
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
      4⤵
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        5⤵
        
        PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
      4⤵
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
      4⤵
      PID:6440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        5⤵
        
        PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
      4⤵
      PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      4⤵
      PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
      4⤵
      PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
      4⤵
      PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
    3⤵
    PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
    3⤵
    PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
    3⤵
    PID:2136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14501.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      4⤵
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
        6⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
      4⤵
      PID:480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43564.exe
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16412.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
      4⤵
      PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
    3⤵
    PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    3⤵
    PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    3⤵
    PID:6792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12737.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      4⤵
      PID:6936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
    3⤵
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    3⤵
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
    3⤵
    PID:6716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
    3⤵
    PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    3⤵
    PID:6944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
  2⤵
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
  2⤵
  PID:3404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
  2⤵
  PID:3836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
  2⤵
  PID:5988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
  2⤵
  PID:6584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21603.exe

Filesize
468KB

MD5
60ffab70d4b2ba3d54503a67ab9ca3d8

SHA1
7f7225baeb10e8ef6146f203879cb8de4b36b294

SHA256
833fdd0ba9d0d03b711e4cd2fd1bc65dd8761b90a421052c58a39647ce96a914

SHA512
d67d00a4f99cfe77f02212048191511e370454cb74f93133bf40be3a75550d235d6b252323a6d65ee4fb030314b435e0fe61296cf72b8eafb6d708ce1e9bbe36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe

Filesize
468KB

MD5
2d8d479460a77a832654b01e1439f0e1

SHA1
71ab8735633c22e50b9c94c0e543921c3c9b5c70

SHA256
c6cb720cba012a770712a559a801303ff7f7c6e769068b088832a9d301cf273c

SHA512
5185b4ed263b97d005250e4dfae4516d80621ce9f5bbdf359c313f4000fcc56980ddfbe97e5ed45933e7e73a70cbcf289e4257e0ecb339a3b898e0be087dc2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe

Filesize
468KB

MD5
c6a5f945e904103064c8dcd7f8edfa71

SHA1
e74ec70ea371da8d19873f2779cfa96ca13be0be

SHA256
a816de2b13a637332bd224758af3ebcd9a7056d9b9382b79ee9c38275fae5ec1

SHA512
eabae6ab37af22288deb5315b5d0e2b801b6f1dce4f8db121e576db48b2c54f1af83768fb552fc0b8a12321b0f9b40558da11e1551d16e601fe1573b2dac7faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5523.exe

Filesize
468KB

MD5
1c145e3e492ef2710855fd21c47f68ee

SHA1
757c9042611f0de814d6c00ba540c2397726cecd

SHA256
846c18d7909c9ae81e7abb174e02357462768989f4c03a3a9833c8cfcbc94eea

SHA512
1a4ee036cc6c4fc172f9cc115e1a4c54d6293f79b9d473c936e61d76137f9d07db9c18c0ede1f37374c6b58060da5359d4d4b9c0a8d6d1470be5171f9426e1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe

Filesize
468KB

MD5
736583362163dc3c757bacd9ff924760

SHA1
bfb7ba1faf2ca3e02dde6a57407727ec8e640ee5

SHA256
f13c1f0b7811c232df0dc82a87a96b8ac5b0141fdc47a6fec2d08921d3c6425d

SHA512
173119f8eb600fbdf3478d784f9005f2cd5c4f924c7cf7c99688d3c717d9ea1087fb5e6500383c996c116081f2c46f98a3ea9d344347efdd2c17f2fa4eb63152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe

Filesize
468KB

MD5
7a0a057cce44737958d034c37294e53a

SHA1
7197a31b68b2e6a8ff4c0161a580aaaa9cd4612a

SHA256
2a2191fecca6fc2dbc32a974137f349eabe384e15fcd8763bd321c23cdc0b6b5

SHA512
68d385acfc9832ea1b64cf41056a2c3fca170bbe3fa43558cff9d33c2571d51b362ffc4ed9128c85c32daed03ab03d80873629aff57c4eb16b450167c776c716

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe

Filesize
468KB

MD5
2a1efe90ee4ac783c94603bb150e46d6

SHA1
d465f6c0c58d2b24ef987418abf1ffe326a9bfe0

SHA256
8b7c7b9bfae5b3449126e9a282175c815911da71e0d2a6587f06906dea186dcf

SHA512
23213a429664f7ce4b72a868cbd15e1f45aea1a536a4eb04e06df0d68f92589edf35b4b44367b777940235a7c5f90ec4c9e6682062403fc502919e744c133a56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19672.exe

Filesize
468KB

MD5
40ac45dfd7902e726400461d1dc24e65

SHA1
4f0d6b0096d44d932e9e48800299782f44a0aa9c

SHA256
0b6fe072c82dd8611eaffc0e088f37bc4356e10c2ada50911a216a27486c2263

SHA512
597a573dd9a2bc29f4af71bb034605c60e10c7fe1cb30142d04774809585e7320e1ff57ceb0f4b82d59e6f5b32ec2d32a8140bdeac7ca4f868b8ae246bdc2970

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe

Filesize
468KB

MD5
fb27d9a06f90713d53cb008ad0755c32

SHA1
2c365007354d37e7509bf17835b542f3cd12fe79

SHA256
88cce9e3e03a1efc243c315ecccd3d20d231780fbe59901ae8386bf7deba5632

SHA512
a9773c78449847eccd8790f8685bd9e68ef62d1faec17d4cda7ee4a40a44519b6d248512f08972ab03e05321aa46ec7ad1dec17bf30f3a3b8028a045f7489a4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe

Filesize
468KB

MD5
269039bccee28ac90af00cf7b6b15907

SHA1
f0a22ec394a7294cf0fd39a7b8b877ca823cbf6d

SHA256
d65161083bdf964e8853f76ec7b8aa7dd93d559b3249e1b2be8e09fd085be08e

SHA512
1d9b3228edbc0db59a3d9af053da8209a02b2ef1308e43ec930cc47df688e31ac271483319dbe7c6b324ef5db928be99590654795e041964f371c0e8c3296e71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe

Filesize
468KB

MD5
408996c5ab468e74b7b1d2e4ca1c2927

SHA1
b5d640e08d445e94f4f708846bf9a1bb72e05b76

SHA256
f2d9ace10d2d7673d2c7caf24ab5f0fdab374d81c6e130851f36d05f17a76d7a

SHA512
2731e65551886020eea233bba89a6d61c51e97615b57d57dc4ab6d2bbab9bd502468f0f6c8c66be2a5716832d32f401730998598d99a0d81ee9b82eaaac5161b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe

Filesize
468KB

MD5
5c3d91d37354953a90c4feb16ea43305

SHA1
9e66ff3b5b18b28350b089145455a4ff00186885

SHA256
0fc265085c5a6d3c0c19b4e172c4b3a4400fcc53e86b2b16f0415c7014f3ce03

SHA512
257da95d4f333bc06f27c8b99c08758052a2311e9f7f6b88959fb61a695460886c93b209387c24e7a67ca938edbdceac081c3ef27f9166ce011193b9ee91020d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe

Filesize
468KB

MD5
a3491e3df0e1aa5085399fa4b1e781f5

SHA1
5ff268ff2ab6191f3eeb45d77f4a3c963b0b53c0

SHA256
2fda6e8e0050670ae6866b9d8e24c4f0fcf13e6db5baded45703f9aa46fe7299

SHA512
6062d868fdde7507a7dadf2365285fca8cf35e9ee08a47e7e16d100d669b704f86846e6450f5fe077e2520b696f33ff4e79e56eb0873a7e1e51fad0845a619c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe

Filesize
468KB

MD5
ed64bdeb4d169dba81722c39610ce5d5

SHA1
574aed07186697570bfda40e8d0c439cb4150e9c

SHA256
10a0f35f039e95e291e8df1c1e8e640a211b22665670021ba7039ac1543eeaa0

SHA512
b4d1c03ffda7cd6354f70c453f395419b59eaf40c28e47451c0044b6389391671ac6f4b6557db160a30eb9a866a9e1c19321ad85ccc4bc04b8e6893339834cb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe

Filesize
468KB

MD5
568071e9664b3ee07a336f934bea18aa

SHA1
e01d813f133a5de4887b0cf20e8df69c6b656594

SHA256
3d100ffd79510241aacb10fbe83f87ca065888d916aa50bb016fce64d3b73668

SHA512
37cfebde9241551aa1c3addc39dd5ebe8ade8c185e6d97abb670aa0e89a221d392f1b71241791566f895f366ba9c4539de47fa1f77817adae9b07261ee074edd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe

Filesize
468KB

MD5
5ceb6b7f720f972cff4c34219ac6cd17

SHA1
5d6d9eb9318b86961931426257b51c228175f58a

SHA256
bc2de7ee99ad313e62a40bde3acab5adf39a13c1c49fd1e7a63249b31a2b4e2c

SHA512
1be4881ed36686515839746bb0db972757667c6815c3b99423e969eb93a95125f0b1f304e747bcd1ba546fcbd74f65c2d232101c55423ce45c17beeb3078ee28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe

Filesize
468KB

MD5
4a8b738bbd20e38e8a9cc272e97fd4f2

SHA1
bf8b796133ad74d3de90c8c47945513316127e65

SHA256
0c52525f9c5a50b3f912de45a3aa88a1465ba1f6dd55189f6e1875290bae2f67

SHA512
fc8221d1afc08b4a8ed8f827085b4a3999897d7c406d039fadf28a7215b89dbd55eb9bdca242c151a11c38798d899b3c870a4ae84f59594ded9344c2640cef7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48815.exe

Filesize
468KB

MD5
17f4df7607acbe9202706739d99c034f

SHA1
8195cfffa350b481df0a2423879549b69782994d

SHA256
c0a1528f87e09a91274533e6bc3775bcc49dee2868fbad1a15920de4b82f2683

SHA512
f39430ba9fe2b0612300ad2bc854d9bde01503d2b4d2cd8359f11bc8603fabaf4287254aa6422c5050156d0ee313165a7ab7d7e68276e4c326aefd5a5819313e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60141.exe

Filesize
468KB

MD5
7ec7c0a8a99648f8553209b1fb3da2d9

SHA1
0354c5f861e4a26a17f337983501b2b045003f78

SHA256
ddbe528360cfc9b717ae7cec473607f317c03f98e24ad1bc87c23a0b2edf7d60

SHA512
a517acb5eed90c2f698b043940fa1be8524dbc1417ed3cba2e7f40b042e148083f7765936363258fd4ee9be799aa97a1ecdddfa837ec18a07ecd742a960f9f97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60296.exe

Filesize
468KB

MD5
4bdc5dfee7346e8ccb2dbefadc23915b

SHA1
6ee1de21b9899d424f85c260323c063b20f4563c

SHA256
a0416d9c2f0dbffc11c2e863a8ca2fd1f95fccd2a38b258f88954b7cbd4be9e7

SHA512
d83b6f0585fd9fbde28a6c0a55a434ecfd4fcae8da694b36ac30c4a7f993288f6feb47e1a705c9f9edf8ab05cbfa29baceff406b74ec7f399ed37fe51d41da45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe

Filesize
468KB

MD5
1cfa041437054eb41fa6b22a7ef5f0ec

SHA1
1ffbd143bb3dfc605e9846b729fa2b51ccb43cda

SHA256
70abe1e648175698266fd363214687c34a3db795d6a8caa0470c150a8c818089

SHA512
c47316fd3d03d0c9add25f5d9f28e2d8cbf85cd99db2879800da2ada247d0d4de0a813bf4ceeb45275acfe9d5222cfa4edab455b9e30bd87e06623865ddec01b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe

Filesize
468KB

MD5
b393a8f67c0fd698280c7f73002cd323

SHA1
ee4894d611839fe2fb864d6ada782148eb34153c

SHA256
a2d0fd33cf2912cb0a1f2f6de5ee79505739e4773774cf685ca52b9bd0c9768d

SHA512
127a9ba92ee44198dd541e96d0d040e90fac7fc5575cdd28119a0de51b5fc2b47631493a2370ad5fcd43abead44dca697b83df0e88afc5f30897e035215523b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-889.exe

Filesize
468KB

MD5
8a936052426eb1e67c2feba7da416536

SHA1
c042c059ddea3aac57cb74e5b9a2ae2a3b522895

SHA256
b590d6414bb73ee4e54140f43bb35f9770875ae9e071e0e6504b73af2330ccb1

SHA512
940a03ba3b427f457665c44e16b0e82fc651691e062de846b361bc146741d50da0ebb2f131cd4969c5ef781cd24e8eb9f5776200289a6715dc0ac64371390c40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe

Filesize
468KB

MD5
01341713c689818dfcba359cfebb7ffe

SHA1
8132747c1ed3173e3345e268967b2b16c69119db

SHA256
d237a6c6fe40da136b116ff5defcc79011eef868bbec7832b23bbd2075df48f7

SHA512
d0be99a168225572a4284332e50aeecb7ad17408272d9c893be5f67855bbbdb8d9ef6093d1098fdd8a18cf8bb803f6febee918b5a8f0db010963869cf88effeb

Download Submit