22dfee2ec29c6b7efa521da6466a13ee8f688f1cfeb86dc4a1e56195bf59ee35

Analysis

max time kernel
101s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7de53189611830bf8747c63ca8c6c50N.exe
Size

184KB
MD5

e7de53189611830bf8747c63ca8c6c50
SHA1

5e0d3b9b27e00cfe63f24bf01d2e638c9d6c5cef
SHA256

22dfee2ec29c6b7efa521da6466a13ee8f688f1cfeb86dc4a1e56195bf59ee35
SHA512

04680a3e43baa7ee4844ca8a1ac66d85f435c85993773a44ec5d37c305b441664bc9ecb0963c6d4643a310ee3cb9cb95a3c28079dd373541d714ffc4f249b458
SSDEEP

3072:d0g6KMoKpMN33HRTCjJzfASzlvVqnviuu:d0XoHXRAzISzldqnviu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4188	Unicorn-42224.exe
1964	Unicorn-65104.exe
4332	Unicorn-15581.exe
4848	Unicorn-2063.exe
4728	Unicorn-38711.exe
1688	Unicorn-20328.exe
1136	Unicorn-47818.exe
3904	Unicorn-24835.exe
3284	Unicorn-25904.exe
3192	Unicorn-41917.exe
4448	Unicorn-61783.exe
3024	Unicorn-49266.exe
1532	Unicorn-12006.exe
2812	Unicorn-62831.exe
1336	Unicorn-11029.exe
4396	Unicorn-7403.exe
4892	Unicorn-44243.exe
5112	Unicorn-40159.exe
4384	Unicorn-65410.exe
3112	Unicorn-9110.exe
3580	Unicorn-20808.exe
4640	Unicorn-44435.exe
4672	Unicorn-44435.exe
3216	Unicorn-44435.exe
4036	Unicorn-31150.exe
3876	Unicorn-25284.exe
1216	Unicorn-18400.exe
1172	Unicorn-44435.exe
5100	Unicorn-11549.exe
1104	Unicorn-28077.exe
3596	Unicorn-9140.exe
4356	Unicorn-5478.exe
4820	Unicorn-42619.exe
944	Unicorn-10501.exe
4744	Unicorn-9925.exe
4292	Unicorn-39111.exe
4708	Unicorn-10522.exe
3044	Unicorn-57677.exe
4084	Unicorn-43942.exe
928	Unicorn-11207.exe
1492	Unicorn-19053.exe
2772	Unicorn-45032.exe
4048	Unicorn-20528.exe
4576	Unicorn-50277.exe
3732	Unicorn-36541.exe
3324	Unicorn-31903.exe
3124	Unicorn-44456.exe
3468	Unicorn-31903.exe
2132	Unicorn-10714.exe
2632	Unicorn-10449.exe
1480	Unicorn-19952.exe
4032	Unicorn-55831.exe
820	Unicorn-43579.exe
3916	Unicorn-14029.exe
2228	Unicorn-44648.exe
4464	Unicorn-35717.exe
1124	Unicorn-24782.exe
4856	Unicorn-64746.exe
1384	Unicorn-19075.exe
3856	Unicorn-56578.exe
3576	Unicorn-4776.exe
4836	Unicorn-17988.exe
1424	Unicorn-20838.exe
1800	Unicorn-24311.exe

Program crash 29 IoCs

pid	pid_target	Process	procid_target
4036	1964	WerFault.exe	93
1788	4848	WerFault.exe	99
4336	3904	WerFault.exe	107
2456	2812	WerFault.exe	114
680	4396	WerFault.exe	119
2608	1104	WerFault.exe	135
4300	3596	WerFault.exe	136
388	4356	WerFault.exe	141
1124	944	WerFault.exe	145
5288	3124	WerFault.exe	160
5688	1384	WerFault.exe	172
5412	4836	WerFault.exe	175
5476	4856	WerFault.exe	171
6112	5068	WerFault.exe	178
6344	4500	WerFault.exe	183
7808	5660	WerFault.exe	238
7928	5712	WerFault.exe	239
8088	5960	WerFault.exe	252
7340	5256	WerFault.exe	188
5344	6692	WerFault.exe	274
8564	7076	WerFault.exe	288
8944	6328	WerFault.exe	298
1804	7648	WerFault.exe	330
10364	5892	WerFault.exe	388
10496	7020	WerFault.exe	285
12080	7620	WerFault.exe	329
6524	18236	WerFault.exe	1002
5532	16196	WerFault.exe	850
7172	1200	WerFault.exe	871

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20001.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
228	e7de53189611830bf8747c63ca8c6c50N.exe
4188	Unicorn-42224.exe
1964	Unicorn-65104.exe
4332	Unicorn-15581.exe
4848	Unicorn-2063.exe
4728	Unicorn-38711.exe
1688	Unicorn-20328.exe
1136	Unicorn-47818.exe
3904	Unicorn-24835.exe
4448	Unicorn-61783.exe
3284	Unicorn-25904.exe
3024	Unicorn-49266.exe
3192	Unicorn-41917.exe
1532	Unicorn-12006.exe
1336	Unicorn-11029.exe
2812	Unicorn-62831.exe
4396	Unicorn-7403.exe
4892	Unicorn-44243.exe
5112	Unicorn-40159.exe
4384	Unicorn-65410.exe
3112	Unicorn-9110.exe
3580	Unicorn-20808.exe
4640	Unicorn-44435.exe
1216	Unicorn-18400.exe
3216	Unicorn-44435.exe
4672	Unicorn-44435.exe
4036	Unicorn-31150.exe
3876	Unicorn-25284.exe
1172	Unicorn-44435.exe
1104	Unicorn-28077.exe
3596	Unicorn-9140.exe
5100	Unicorn-11549.exe
4356	Unicorn-5478.exe
4820	Unicorn-42619.exe
944	Unicorn-10501.exe
4744	Unicorn-9925.exe
4292	Unicorn-39111.exe
4708	Unicorn-10522.exe
4084	Unicorn-43942.exe
3044	Unicorn-57677.exe
928	Unicorn-11207.exe
1492	Unicorn-19053.exe
2772	Unicorn-45032.exe
4048	Unicorn-20528.exe
3732	Unicorn-36541.exe
4576	Unicorn-50277.exe
3324	Unicorn-31903.exe
3468	Unicorn-31903.exe
3124	Unicorn-44456.exe
2132	Unicorn-10714.exe
2632	Unicorn-10449.exe
4032	Unicorn-55831.exe
1480	Unicorn-19952.exe
3916	Unicorn-14029.exe
2228	Unicorn-44648.exe
4856	Unicorn-64746.exe
1124	Unicorn-24782.exe
4464	Unicorn-35717.exe
1384	Unicorn-19075.exe
1424	Unicorn-20838.exe
820	Unicorn-43579.exe
3856	Unicorn-56578.exe
3576	Unicorn-4776.exe
4836	Unicorn-17988.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4188	228	e7de53189611830bf8747c63ca8c6c50N.exe	88
PID 228 wrote to memory of 4188	228	e7de53189611830bf8747c63ca8c6c50N.exe	88
PID 228 wrote to memory of 4188	228	e7de53189611830bf8747c63ca8c6c50N.exe	88
PID 4188 wrote to memory of 1964	4188	Unicorn-42224.exe	93
PID 4188 wrote to memory of 1964	4188	Unicorn-42224.exe	93
PID 4188 wrote to memory of 1964	4188	Unicorn-42224.exe	93
PID 228 wrote to memory of 4332	228	e7de53189611830bf8747c63ca8c6c50N.exe	94
PID 228 wrote to memory of 4332	228	e7de53189611830bf8747c63ca8c6c50N.exe	94
PID 228 wrote to memory of 4332	228	e7de53189611830bf8747c63ca8c6c50N.exe	94
PID 1964 wrote to memory of 4848	1964	Unicorn-65104.exe	99
PID 1964 wrote to memory of 4848	1964	Unicorn-65104.exe	99
PID 1964 wrote to memory of 4848	1964	Unicorn-65104.exe	99
PID 4332 wrote to memory of 4728	4332	Unicorn-15581.exe	100
PID 4332 wrote to memory of 4728	4332	Unicorn-15581.exe	100
PID 4332 wrote to memory of 4728	4332	Unicorn-15581.exe	100
PID 228 wrote to memory of 1688	228	e7de53189611830bf8747c63ca8c6c50N.exe	101
PID 228 wrote to memory of 1688	228	e7de53189611830bf8747c63ca8c6c50N.exe	101
PID 228 wrote to memory of 1688	228	e7de53189611830bf8747c63ca8c6c50N.exe	101
PID 4188 wrote to memory of 1136	4188	Unicorn-42224.exe	104
PID 4188 wrote to memory of 1136	4188	Unicorn-42224.exe	104
PID 4188 wrote to memory of 1136	4188	Unicorn-42224.exe	104
PID 4848 wrote to memory of 3904	4848	Unicorn-2063.exe	107
PID 4848 wrote to memory of 3904	4848	Unicorn-2063.exe	107
PID 4848 wrote to memory of 3904	4848	Unicorn-2063.exe	107
PID 4728 wrote to memory of 3284	4728	Unicorn-38711.exe	108
PID 4728 wrote to memory of 3284	4728	Unicorn-38711.exe	108
PID 4728 wrote to memory of 3284	4728	Unicorn-38711.exe	108
PID 4332 wrote to memory of 3192	4332	Unicorn-15581.exe	109
PID 4332 wrote to memory of 3192	4332	Unicorn-15581.exe	109
PID 4332 wrote to memory of 3192	4332	Unicorn-15581.exe	109
PID 1688 wrote to memory of 4448	1688	Unicorn-20328.exe	110
PID 1688 wrote to memory of 4448	1688	Unicorn-20328.exe	110
PID 1688 wrote to memory of 4448	1688	Unicorn-20328.exe	110
PID 228 wrote to memory of 3024	228	e7de53189611830bf8747c63ca8c6c50N.exe	111
PID 228 wrote to memory of 3024	228	e7de53189611830bf8747c63ca8c6c50N.exe	111
PID 228 wrote to memory of 3024	228	e7de53189611830bf8747c63ca8c6c50N.exe	111
PID 1136 wrote to memory of 1532	1136	Unicorn-47818.exe	112
PID 1136 wrote to memory of 1532	1136	Unicorn-47818.exe	112
PID 1136 wrote to memory of 1532	1136	Unicorn-47818.exe	112
PID 1964 wrote to memory of 2812	1964	Unicorn-65104.exe	114
PID 1964 wrote to memory of 2812	1964	Unicorn-65104.exe	114
PID 1964 wrote to memory of 2812	1964	Unicorn-65104.exe	114
PID 4188 wrote to memory of 1336	4188	Unicorn-42224.exe	113
PID 4188 wrote to memory of 1336	4188	Unicorn-42224.exe	113
PID 4188 wrote to memory of 1336	4188	Unicorn-42224.exe	113
PID 3904 wrote to memory of 4396	3904	Unicorn-24835.exe	119
PID 3904 wrote to memory of 4396	3904	Unicorn-24835.exe	119
PID 3904 wrote to memory of 4396	3904	Unicorn-24835.exe	119
PID 4448 wrote to memory of 4892	4448	Unicorn-61783.exe	122
PID 4448 wrote to memory of 4892	4448	Unicorn-61783.exe	122
PID 4448 wrote to memory of 4892	4448	Unicorn-61783.exe	122
PID 3284 wrote to memory of 5112	3284	Unicorn-25904.exe	123
PID 3284 wrote to memory of 5112	3284	Unicorn-25904.exe	123
PID 3284 wrote to memory of 5112	3284	Unicorn-25904.exe	123
PID 4728 wrote to memory of 4384	4728	Unicorn-38711.exe	124
PID 4728 wrote to memory of 4384	4728	Unicorn-38711.exe	124
PID 4728 wrote to memory of 4384	4728	Unicorn-38711.exe	124
PID 1688 wrote to memory of 3112	1688	Unicorn-20328.exe	125
PID 1688 wrote to memory of 3112	1688	Unicorn-20328.exe	125
PID 1688 wrote to memory of 3112	1688	Unicorn-20328.exe	125
PID 3192 wrote to memory of 3580	3192	Unicorn-41917.exe	126
PID 3192 wrote to memory of 3580	3192	Unicorn-41917.exe	126
PID 3192 wrote to memory of 3580	3192	Unicorn-41917.exe	126
PID 3024 wrote to memory of 3216	3024	Unicorn-49266.exe	129

C:\Users\Admin\AppData\Local\Temp\e7de53189611830bf8747c63ca8c6c50N.exe
"C:\Users\Admin\AppData\Local\Temp\e7de53189611830bf8747c63ca8c6c50N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 484
      4⤵
      Program crash
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 492
        5⤵
        Program crash
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 484
        6⤵
        Program crash
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 484
        7⤵
        Program crash
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 484
        8⤵
        Program crash
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        10⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        11⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        11⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        10⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        10⤵
        
        PID:18236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18236 -s 248
        11⤵
        Program crash
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        9⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        9⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 484
        9⤵
        Program crash
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        9⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        9⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        7⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 484
        8⤵
        Program crash
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        7⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 492
        7⤵
        Program crash
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        9⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        9⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        9⤵
        
        PID:14696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        9⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        8⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        8⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        7⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        7⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 484
        8⤵
        Program crash
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        7⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        6⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 484
        7⤵
        Program crash
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        7⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 484
        6⤵
        Program crash
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 468
        7⤵
        Program crash
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        7⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        6⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 484
        7⤵
        Program crash
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 484
        6⤵
        Program crash
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        7⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        6⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47281.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        6⤵
        
        PID:12272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        5⤵
        
        PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 484
        5⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        9⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        8⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        8⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        8⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        7⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        7⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25353.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        7⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        7⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 484
        6⤵
        Program crash
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        6⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 484
        7⤵
        Program crash
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        5⤵
        
        PID:7648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 488
        6⤵
        Program crash
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        6⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        5⤵
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 484
        5⤵
        Program crash
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 484
        6⤵
        Program crash
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        6⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 484
        7⤵
        Program crash
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        7⤵
        
        PID:17584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        5⤵
        
        PID:6692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 484
        6⤵
        Program crash
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        6⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        5⤵
        
        PID:5660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 484
        6⤵
        Program crash
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        6⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        5⤵
        
        PID:5892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 460
        6⤵
        Program crash
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        6⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        6⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        5⤵
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
      4⤵
      PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
      4⤵
      PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
      4⤵
      PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17177.exe
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        9⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        9⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        9⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        8⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        7⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        7⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35602.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        6⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        6⤵
        
        PID:17460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2201.exe
        5⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        7⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        6⤵
        
        PID:16196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16196 -s 436
        7⤵
        Program crash
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        6⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        6⤵
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        5⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45795.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
        5⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        6⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8465.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        5⤵
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        5⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59073.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
      4⤵
      PID:16124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        8⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        7⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        6⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57287.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        6⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50382.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
        5⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        5⤵
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
      4⤵
      PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        5⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61991.exe
        5⤵
        
        PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42627.exe
      4⤵
      PID:11188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
      4⤵
      PID:16992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6386.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        6⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        5⤵
        
        PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39681.exe
      4⤵
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
      4⤵
      PID:17352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
    3⤵
    PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
    3⤵
    PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
      4⤵
      PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34194.exe
      4⤵
      PID:1200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 472
        5⤵
        Program crash
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
      4⤵
      PID:7724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
    3⤵
    PID:9356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
    3⤵
    PID:14148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
    3⤵
    PID:2360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        9⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        9⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17593.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
        9⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        8⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        8⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        7⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        8⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
        7⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        7⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        7⤵
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        6⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        6⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        6⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        6⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        6⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 724
        7⤵
        Program crash
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        7⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        6⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        6⤵
        
        PID:16576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        6⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-908.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24247.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        6⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58831.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
      4⤵
      PID:16136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        8⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        7⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
        7⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16425.exe
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        6⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1709.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        5⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        5⤵
        
        PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53318.exe
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        6⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22101.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19570.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      4⤵
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
      4⤵
      PID:17016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9157.exe
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        5⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
      4⤵
      PID:17360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
    3⤵
    PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
    3⤵
    PID:18320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        6⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43299.exe
        8⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49498.exe
        7⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        7⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        6⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43927.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        8⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        7⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        6⤵
        
        PID:14704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        5⤵
        
        PID:4500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 716
        6⤵
        Program crash
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16109.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        5⤵
        
        PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25902.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        5⤵
        
        PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34324.exe
      4⤵
      PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13189.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        5⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8912.exe
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        7⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        6⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        6⤵
        
        PID:15432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
        5⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        5⤵
        
        PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14916.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        5⤵
        
        PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43884.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        6⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        5⤵
        
        PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
    3⤵
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
      4⤵
      PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
      4⤵
      PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
    3⤵
    PID:7784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
    3⤵
    PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
    3⤵
    PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
    3⤵
    PID:5872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27208.exe
        7⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
        6⤵
        
        PID:17372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        6⤵
        
        PID:13044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
      4⤵
      PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
      4⤵
      PID:16000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36776.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        6⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53795.exe
        5⤵
        
        PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58682.exe
        5⤵
        
        PID:15464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
      4⤵
      PID:13956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
      4⤵
      PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
      4⤵
      PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    3⤵
    PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23026.exe
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
      4⤵
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
      4⤵
      PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
    3⤵
    PID:7860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
    3⤵
    PID:10972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
    3⤵
    PID:14752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
    3⤵
    PID:17480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
      4⤵
      PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        6⤵
        
        PID:14744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        5⤵
        
        PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        5⤵
        
        PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
      4⤵
      PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
      4⤵
      PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
      4⤵
      PID:6196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
    3⤵
    PID:6492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    3⤵
    PID:9264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
    3⤵
    PID:14180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        5⤵
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
      4⤵
      PID:13480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      4⤵
      PID:16584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
    3⤵
    PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
      4⤵
      PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
      4⤵
      PID:7352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
    3⤵
    PID:9776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
    3⤵
    PID:13412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54341.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:17388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
    3⤵
    PID:18404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
  2⤵
  PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
      4⤵
      PID:15680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
    3⤵
    PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
    3⤵
    PID:12788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
    3⤵
    PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
  2⤵
  PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
    3⤵
    PID:12032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
    3⤵
    PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
    3⤵
    PID:18188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
  2⤵
  PID:10488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
  2⤵
  PID:13664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
  2⤵
  PID:16964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1964 -ip 1964
1⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4848 -ip 4848
1⤵
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3904 -ip 3904
1⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2812 -ip 2812
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4396 -ip 4396
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1104 -ip 1104
1⤵
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3596 -ip 3596
1⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4356 -ip 4356
1⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 944 -ip 944
1⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3124 -ip 3124
1⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1384 -ip 1384
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4836 -ip 4836
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1368 -ip 1368
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1800 -ip 1800
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4856 -ip 4856
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2164 -ip 2164
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1424 -ip 1424
1⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 4316 -ip 4316
1⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5068 -ip 5068
1⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4500 -ip 4500
1⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5256 -ip 5256
1⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5712 -ip 5712
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5660 -ip 5660
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5960 -ip 5960
1⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5772 -ip 5772
1⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5952 -ip 5952
1⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6412 -ip 6412
1⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6232 -ip 6232
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5288 -ip 5288
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5156 -ip 5156
1⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5396 -ip 5396
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5788 -ip 5788
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6668 -ip 6668
1⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7076 -ip 7076
1⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6692 -ip 6692
1⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6328 -ip 6328
1⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 5892 -ip 5892
1⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7648 -ip 7648
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7288 -ip 7288
1⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 9036 -ip 9036
1⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8460 -ip 8460
1⤵
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7020 -ip 7020
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7620 -ip 7620
1⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7852 -ip 7852
1⤵
PID:7240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11029.exe

Filesize
184KB

MD5
59982d75595589b4fc6d27382c260b27

SHA1
ea6afb9fea8bba3f6e7168fbcb2dce681948f3a2

SHA256
716e98c823dfaf9bbbe55b139b49b2c2f78024ae269f46c17b5286ae4ae9df45

SHA512
2f3b26ec4a589a27ad763caec25ad53e5ffb19c23746d80b51d0a913bb46df588c15b99938f740cea48065a8c440289dccbe2449a95d2d5f3b0751a12735818c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe

Filesize
184KB

MD5
2d88903cd5ad9a1a57ff5e3d2ce62fe9

SHA1
5e188684127771412a048ad751f721b541abf45f

SHA256
d4978775b0ba43ff8d8d1c25583c2364fd6a3d0da892d072d2055e8d05be8b96

SHA512
629c8b82ddf7e5b1a9b135a9b8a852ebb9d5e6948b0991341b7c0db9e7264cef88da6607d3e0e9a1e32953e7d84f92d1021eb5c22895138f6ed01766606ae2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe

Filesize
184KB

MD5
18a443e1ddb9f5124af68f65b374001e

SHA1
fca9f5c8e233de776da6908c6ca0f703e3d96bf4

SHA256
6e6eaa116aad54d79a471ccfc980e7e1e308856f9d121099fff26c525fbb6c3e

SHA512
79d513ab199a208b4e8efb65a973ca1fb577eb8de620a16a057179323aced2c51e6e6fd8e0f20284758b7cbe9d10b1dd2ca45fec675fa1c87ba047351baaac48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe

Filesize
184KB

MD5
2d3f292ee8408cf99e76713032e7e8ae

SHA1
b69a2ecd0a4a162649bd960896c9c82c9c803def

SHA256
75effeb1743f83aa87b6b51f0eeb9116d949398e2d4092949738cf14227ac496

SHA512
d1da6654a1162639492ead6734db15e1c2d0e7fa3a3a95f726de013f9cac5b200c16b427971533ea7ceed528ee732c8a41ec694dd76382e6226c158f224f5950

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe

Filesize
184KB

MD5
0d165e1211f81b2d6c424326d0463b7d

SHA1
275803529e4efba3629234a4458ccef2681e562c

SHA256
bb670612f6c8b3426c0515f727c6e51fde04d31a857cbe9ab0a830378f7f72bd

SHA512
ec77e7fd2cd499d33e45589d37158d682a5e15c5ead3687ae082d881bb93a6928e900a0e67e4b64366c10cc6757d2cd4a072911dcf9d7952cc27d1216dc7ca90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe

Filesize
184KB

MD5
53f0524705609313d61b67581aa17d4b

SHA1
059f8d32676361e275106f05717ce117d7d6cec6

SHA256
a8dbae872efb9a4e50d6cd71ec965b22c38fa171407da39013a33e2a56e7abfa

SHA512
ef209cedba459d08f11bb810eccc57a4c3cecfe4c39066bfa3c55e875e668f0adc71572717aaf58d35be0d24a355bfbe991cea780a3069b50d7700adb2846bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe

Filesize
184KB

MD5
8dabf3af8cd2c7e2cabccb1f324b2357

SHA1
9463d148c3e9a8496fd93da38dbe430bd4c708a9

SHA256
68a551b77f5cc7ac43b3ab505604dffaf90ff12ac3ff2c51fdf992ae875e0def

SHA512
295c9fb6c5598a2808bf4d851e6f35484c380f1c4742bdf7d04ed64d1c0e66302d813a4b76fd9fb7ee532382a4a96c144cab0ddf9d25167f76be1a97eac9e43b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe

Filesize
184KB

MD5
2cc328df326e5e866ac63a9fb17300ec

SHA1
e84fe550b6e8c927a2e6beac0e70d48cbde6dbac

SHA256
329f886fb5399fb55f954758bae8f9f7fe6efdb7648442ddcf547ff27124eb25

SHA512
6cd515decbee908ed7fdfd138e3f862b5d2c90aed4bca4b4f64d10538d9da7dff5c6b3ef38783bdd594a39f8c40fc2e660741fba725f37c9e6b5b5487d6d40a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe

Filesize
184KB

MD5
9f95bfd5975173d714c5160e63c666ca

SHA1
f0503218199e89829a6da1a2abd8fc631c37ace7

SHA256
4a891a4a72f051dac0516dd7cedd8e7832d842eea9f0a4b2016a63ae582cf273

SHA512
acf630655860c30632cc2dde0fda33c60a0ab868b6719eb07be6faf26f83b07cf16109a2c6a923788bb03bbabea82569eefd733b6af9305b9725f5ac79d04907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe

Filesize
184KB

MD5
4a77f158f06f6e3e821253fd3ea2633e

SHA1
f722f3af34e8ecde46064bceac95ca50efddf347

SHA256
13f36f8e4e05a26e5a9255c37e8b9ce5b8fdb06ce7e7e187001a185cb67c3a8a

SHA512
f1e18f40dd33c3db69dc1a0d2e60a8a16c7516678ca66d2c42e92275d639fa5bb31a855c104dee67b1d38d77c8c1ec6caeaf706b73f924820e590c5183e20921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe

Filesize
184KB

MD5
fb6c127d575618cd86e78f597cbeb831

SHA1
9bb2dcbb0004d85c6af80e7a21d9cacba5cf4d76

SHA256
3836dfc0c52e35b9382d6d39965be64ab7ccc8d46395617a154786a5bc287a42

SHA512
ce27c8148a6830a8fc4bbdb40fc386c742129372afc46a2c98e4bfd048f15f0aeed58b4b7e23ab4aebe0cf8bb6b5a94d1a75941c4bf3fc5d58263ae6d59a3ae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe

Filesize
184KB

MD5
ed97f923e6bac431ad927aeb5f4bfff9

SHA1
fda91cec878f027323f57eda42a44e8f36048201

SHA256
e62c76758eb68b635a8387a575e1b2f1d3a5b05f828c3785afa3ad0297c716ea

SHA512
e37ecc08992083c7a750023a4ea0397aa135711eea44d3ae75e6d8571a65f951ceed65421ce70aeb01c34a32ea74d7ed6727f6b3aba4780174be1224f5093350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26949.exe

Filesize
184KB

MD5
984f5daf2db9144a66882542b9c793c4

SHA1
c32684cb08f2ca51400c0e27c88a1845e51f3094

SHA256
d19195ba545cdf55a5e6db251202f6ef9ddb942512a1e81d76227cb13a355831

SHA512
7a7cb69718ff0dcc15f54e20b87775664b77eaa32ccba51305b50fbf86dd7ee9103410cdd0c97018888b1172b4108d395b94b85961a44e261fa6135c0f53b448

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe

Filesize
184KB

MD5
e7808890a4447e13e1f4c7d27469af84

SHA1
c4ed12861ba9777a5812addb7d309cf8adda73a7

SHA256
d05601669d0e9a1f74661f5b6b792b801396a1af94533267985af8e29b64dc67

SHA512
83900e2409a5305ce16c494536a1c5cb30cd0c3159e0991c9809b53ebea0cceb0d1e0749b10d8bcaab1783df5f703ad4320c1f1e002fa4c63b6c2f238d003aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe

Filesize
184KB

MD5
3ad98fb176a648e2137f4ada2bc8a694

SHA1
07bd1a337a4417d6fb9484776fc92fc286db5edd

SHA256
8da07e94788c74b157f91175cd9cd83d0d694a82e4c041ef6461abe681272d4c

SHA512
ed0bff4fb24b8b73cc53a7f0ec361f880de5ee3416191cc326a6c6ce1f22edb8eefb63ab3573df33247b33ed2f25df755ae3e57da2ef3ab60ff9ef201df4834e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe

Filesize
184KB

MD5
3ae34d49fe7676a3377cf888fb493db7

SHA1
7e1f2b380dced274511b1cccd74ecf83ad08fb0f

SHA256
3aee51ab9018cd10b0b971379499d58c330101798a92722213fa1f88fc24deed

SHA512
810d9ef9698fa5f1f9bdeef7a8fed9261264f46a5201c993506f09e48b2c58820120c694a6e560d73f3ccff27f628fdc51b94a90b2e3bbe90db4782edeb92f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe

Filesize
184KB

MD5
577f6794c2d161348c56a9da90249c74

SHA1
c6a63136d46d9ab6d2b448e38c96837764810f0b

SHA256
848666376a32712a409ecc996278c92634e73f95d00ce1e3e60ceb49dae9c854

SHA512
7a7857e08db44fc52934a5905deb806628ff405f24815f7208ad113e8dfc6dd23b54d110da4eb760152714b90ff5af1058e55807724cbea0ecaf5bbb4eed881c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe

Filesize
184KB

MD5
435ab04ea7c6fba5466d18c639a95cbd

SHA1
f72a204aede6251875996ff17c6c86e601f11bd8

SHA256
2a1188d283152a400f53c6f3fdbfcf8be4d2d0369d73389af2475e32709e6833

SHA512
1c634d35c038fef459f50d2d2b1dfc820741f3bfdc5f8badf8f4c7d91f8b6c2da3141d6f228d594dbc3852c0bf566cd7be5557ff5b59aff125c5111f3950696a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe

Filesize
184KB

MD5
db1b360b0fa5ec2b00d6c3ddaf617b09

SHA1
d3bdd583123bf05d2b1ac125d2a06f4778fabfef

SHA256
30282b7163071a71134a7ef434134acbf3d06ced300b5c0e61a5900fb45717c2

SHA512
e1f9e6ea3a5b81d56e5682025229eaab96ad0f9539c287522dbd808ef5aa61dd4397f114302903564b28c691ce1d8e9604a924b47937fa3a55d965a441f1474e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe

Filesize
184KB

MD5
8c8900fc056c07bfec915e3dedf35357

SHA1
1231ca4820e9aac87596f5024a0f1b45347ae1f3

SHA256
2f2ada529fff7a290f85567dea8cbef5a6109923ba9fc300e8e725f848e69e5c

SHA512
ce0eafd1107da628e4aaa766b61331a6c5747159651fe7f454359d1efd7c6252f54753b438318853518e9cd1ca221ecfb89c44e844c584fb695d22483956d8b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe

Filesize
184KB

MD5
ece9b36f19887239a9684df63d65cb59

SHA1
5568565bee55e93d4cd57a6aa87ac7ffec5af1c1

SHA256
52490cff82433f0ab741c7bc85b5693412e7fa6d94c42e3f0fe7dbf1f7b8b66a

SHA512
5c67690c0665b9dade29c4dcc410619783fd0498a790ca8d9a5b62c4392f121ecad457bb545f83e46e267a908369a31ff044c00bdf495765d2854445445792c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe

Filesize
184KB

MD5
a9e3909cb1723e32c4a2fd3ddad1defd

SHA1
86b3b006f4f7382948a02675fa7c49cde77d374c

SHA256
320395e6c6f9bd48a99645e9c768b729756fe8188af9aeebd837f02c2958b8e7

SHA512
1d68ac8dad913ffcf89834c46b71acc7ef875b0c67b3dd0c110bfd14c04366cba535017d7b00f4cdb6d185ab7af09c3aaef27f2e8cc3ba599f3f52988dcd44ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44435.exe

Filesize
184KB

MD5
bfb897c31696bedeca543c5377283767

SHA1
ce3ced5e6509dbbd2392ee1ca5e604b9e71c9b4a

SHA256
13a529086f55a6430771bdce1a48bcc9a6a8d6da7d2cc3a2c41dc9ff95b982cc

SHA512
42ba911f1237c6aad61c581905096cb04ede4eef98d62cb59a6cd7fbb3a5d5aa5c5cdad41162cf596e7f959b77be0aaaf9fcf4bc432f102bfb32d76f91e134d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe

Filesize
184KB

MD5
2551e03133ce05158899cb85ae4c697c

SHA1
343c0ee2051e2dd2d76b703bf041a6f245500cbb

SHA256
02b2999f95aedfa5cba4d3d28fa51eb2a1b87fb8129ef230d850e76f4908d51c

SHA512
2ceba8d7e9a2427915c482cf78190eee9bb5f32849149d3b6aed7f214cfe807d4a913ccb6aac7c0311d062c283fcc99192d9a5ba7404e75583aa062269f67443

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe

Filesize
184KB

MD5
165008c08622295dc8d20d4818f6d8aa

SHA1
7f4701a9c014693377ece525a61dd473796da9a6

SHA256
490d130ac7e894293e9e4e6dd2edbab8e895f50417504aa938a06ff68f352480

SHA512
0043f50627e9149cd04dac672369a9fcbaca72bc92b60a4af8403aaa206007f41a06da1f5c1a2367131d674f78a6e78d5895f4160371dc6d8e671b19371480c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe

Filesize
184KB

MD5
f30743c96b608f2209be6139c5e58a30

SHA1
54622338e1cbdd7f13cc0e8aa6bccec168f9a533

SHA256
3e5b5ad145ca324b0a860717fda1e8a7738055b4d667eb233076f579ce093841

SHA512
ab421684012fe208be6300dae25b41c00c89fc00ad4f445f546a8af110d820509b735ab58f0e6d530af78b257afb657caaea48842d71dec7b8788fecaa4d6b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe

Filesize
184KB

MD5
361dda5cb795d08480448de0f5f5a71a

SHA1
f80a30e1baea857886b2717a6b89aa1f72e60bf1

SHA256
3a6de44ee9487c5aa49c7400b624344f3a749b2661c512eafd8e021c26f326d4

SHA512
f767aaab6b60e4400d0236f55fdc6fcb5a94e1d5c2e2da82801f1bacf262a2aa321c5bc86e31154e502598656aac09bb0277b49979a3a6045d1de0b4e8f496b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe

Filesize
184KB

MD5
e2e5ad5d6b792f277a3569f65cebfdd5

SHA1
32f7fcecaa804d245c441d3c91fb674ba562aca8

SHA256
a20129c09a446d4ef4261d9d6468966f96942c1d5173188793f5afa74aa9a574

SHA512
c8545de132258529a39201e328449ad7123800d2df253428208dc8cc15d9ad6f6e7b04441f01a8db2d7074c828128d65ba04abeedcfac96bc289911ff3066a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe

Filesize
184KB

MD5
aa2aa927fd202f22bb2b4a1c1f23f9c3

SHA1
d3258030dc0e25203485599a82ed52ad4f2684b2

SHA256
92aec71f4c002fdd829f427f19479e21114ddabcb28a7bc5a8842b577dbabe87

SHA512
fe67dcb2b2e434dac78633f492238035e15d30c17c3446fa2564d5f56c8cc91000332e2b564441760f1fba5c95a9caa1d99d44d5676ef7df2af052835d91c07c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe

Filesize
184KB

MD5
17a9c3584562803724f1d9ebbee18a26

SHA1
fa234ca4303ca1bb342026564cf5de18e120f38d

SHA256
651d7ce91e743b28a65238072de0cff507dbf0b20771f4ea525c156cb563f542

SHA512
657d599c1be7a4344e277dc8e9c77caa8606f0e1a3a8914063178bc76eed52bade39e80963695791bcba04c0305378255eddf46336831d05a09e032b8d6eb0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65104.exe

Filesize
184KB

MD5
03d85b3d0aaa68aa456c166f5a17a0ca

SHA1
694bbd46f7e714237a6a2c542fa0deb91d8580ca

SHA256
a1a9e264e3ced90a3f027ba6d801161f80780e905af7867086b3d76dd27f0a00

SHA512
e786f50a07ae4eda49ff6943240216a6d2026b270ba58a6358a63309c1f7bea640c419c3f4d4d18b6fb3c35dbe3c8993d6d5fd558f7acb855708f2ef04ecca91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe

Filesize
184KB

MD5
9b9c87ed709eb3ff26750634552bf5fe

SHA1
9e5fe902c34674e18825a13294426a26d70bd0cd

SHA256
eba1eb5649a03a85a88884317b711afb1a948a73754644e4387b5a1d962acaa3

SHA512
8156dd813a043a1bda5864de1d704f4fdf30cd6854004bc5a6cf9873a600111f36b42c75cd1a8757cb96a2c31863ee301397875f73ef8cafaaebcce1bb20a6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe

Filesize
184KB

MD5
3ed4cc23310ab1068cfdf4260abfa8e3

SHA1
9339572f460db7cd8ebdc3d3744a97a823626755

SHA256
af68e0c23f53a38c7a71e17999173e7b0f7b3b22b24f3b05215f564d53523903

SHA512
6defad86360e7a631ba8bd5f23d4ce8cdac9835311178bfda1884c2947f3aa14a5731b081b7571e72de2fb5c33898850c1605b8f79cec32b37dadad24f93b4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9110.exe

Filesize
184KB

MD5
ed346210ad615d168320a6d8ff1eeac7

SHA1
08b8e08e2e3ee459596e53665996662656f1336c

SHA256
73d212b5dc614b74c92b02bba607c625bee8a7725091439b676b7bed22b4be90

SHA512
290486c650d08836368bf8ead9fb44a34a7b905af0efe97dddd98ea838b7fe771422f86c2e6ca37e05e4404a545a0d00f8022219813882ed1da7e0ded3fc1de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe

Filesize
184KB

MD5
56e57e84ee1ddbea45785f86c2e44454

SHA1
ac03c9c725ac4bdd64f68f0008d20a209083bc1d

SHA256
a8a5c1ef0ac4e7c13c7540f743c1356117353c06a51a5ca6f338b78c0fe7bc4c

SHA512
ccc650564e15e69c0863710e8573828d567a95e6418f99fe6e9e6374aeb1247dd4c5620ad492f3a26d41cf6f2e9c5e4fa2757d5686eac0f2c9a9fa3537dc8683

Download Submit
memory/3876-2909-0x0000000075B20000-0x0000000075B7F000-memory.dmp

Filesize
380KB

Download
memory/4384-2908-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download