02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275d

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
Size

184KB
MD5

f5b8e1232d8d1fc93ba0958ecd2e0170
SHA1

ef9e904e44d5affe58d64373a9e151f2518279da
SHA256

02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275d
SHA512

94c49688869819e42d42255e8a061a967aeffbc9d76c17af678bef2ceab1ba2fb9d677191b3f1650acf04944bee3ebb8331a8a8d4791b74b8d408c5c706d6f31
SSDEEP

3072:yLwcVMoZpdskqd4aOs8EVQZ42uvHqnviu:yLmolm4alVE42uvqnviu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2096	Unicorn-32569.exe
1648	Unicorn-38018.exe
628	Unicorn-34597.exe
2776	Unicorn-16184.exe
2756	Unicorn-56248.exe
1656	Unicorn-52719.exe
2508	Unicorn-55833.exe
2620	Unicorn-47016.exe
2388	Unicorn-64385.exe
2860	Unicorn-44328.exe
2924	Unicorn-24238.exe
2832	Unicorn-14992.exe
2960	Unicorn-18911.exe
2168	Unicorn-3721.exe
2292	Unicorn-40352.exe
2164	Unicorn-38314.exe
1116	Unicorn-13809.exe
2132	Unicorn-30146.exe
1692	Unicorn-59481.exe
1652	Unicorn-29881.exe
2380	Unicorn-42760.exe
580	Unicorn-62626.exe
1008	Unicorn-59289.exe
636	Unicorn-25507.exe
2036	Unicorn-18489.exe
1488	Unicorn-11666.exe
236	Unicorn-36171.exe
2240	Unicorn-18417.exe
1764	Unicorn-47634.exe
876	Unicorn-35403.exe
3000	Unicorn-7369.exe
1564	Unicorn-18875.exe
2140	Unicorn-4576.exe
2068	Unicorn-52590.exe
2728	Unicorn-58490.exe
2952	Unicorn-53467.exe
2780	Unicorn-53467.exe
2532	Unicorn-59996.exe
2796	Unicorn-3389.exe
2828	Unicorn-55505.exe
2696	Unicorn-58298.exe
2596	Unicorn-47913.exe
2544	Unicorn-54043.exe
3048	Unicorn-3965.exe
1548	Unicorn-436.exe
2624	Unicorn-34137.exe
2184	Unicorn-1616.exe
1936	Unicorn-18185.exe
560	Unicorn-62979.exe
1160	Unicorn-16156.exe
1772	Unicorn-8672.exe
1128	Unicorn-54344.exe
2348	Unicorn-4266.exe
2060	Unicorn-59418.exe
2492	Unicorn-26628.exe
968	Unicorn-61146.exe
1984	Unicorn-43348.exe
1732	Unicorn-7884.exe
1104	Unicorn-35647.exe
1672	Unicorn-5012.exe
2252	Unicorn-51791.exe
2204	Unicorn-48454.exe
1412	Unicorn-58807.exe
1740	Unicorn-58807.exe

Loads dropped DLL 64 IoCs

pid	Process
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2096	Unicorn-32569.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2096	Unicorn-32569.exe
1648	Unicorn-38018.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
1648	Unicorn-38018.exe
2096	Unicorn-32569.exe
2096	Unicorn-32569.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2776	Unicorn-16184.exe
2776	Unicorn-16184.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2756	Unicorn-56248.exe
2756	Unicorn-56248.exe
1648	Unicorn-38018.exe
1648	Unicorn-38018.exe
1656	Unicorn-52719.exe
2096	Unicorn-32569.exe
1656	Unicorn-52719.exe
2096	Unicorn-32569.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
3024	WerFault.exe
2860	Unicorn-44328.exe
2860	Unicorn-44328.exe
1648	Unicorn-38018.exe
2832	Unicorn-14992.exe
1648	Unicorn-38018.exe
2832	Unicorn-14992.exe
1656	Unicorn-52719.exe
1656	Unicorn-52719.exe
2924	Unicorn-24238.exe
2096	Unicorn-32569.exe
2508	Unicorn-55833.exe
2924	Unicorn-24238.exe
2096	Unicorn-32569.exe
2508	Unicorn-55833.exe
2776	Unicorn-16184.exe
2776	Unicorn-16184.exe
2388	Unicorn-64385.exe
2388	Unicorn-64385.exe
2756	Unicorn-56248.exe
2756	Unicorn-56248.exe
2960	Unicorn-18911.exe
2960	Unicorn-18911.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2648	628	WerFault.exe	32
3024	2620	WerFault.exe	38
1864	1876	WerFault.exe	110
6840	5392	WerFault.exe	538

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32153.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
2096	Unicorn-32569.exe
628	Unicorn-34597.exe
1648	Unicorn-38018.exe
2776	Unicorn-16184.exe
2756	Unicorn-56248.exe
1656	Unicorn-52719.exe
2508	Unicorn-55833.exe
2620	Unicorn-47016.exe
2388	Unicorn-64385.exe
2860	Unicorn-44328.exe
2924	Unicorn-24238.exe
2832	Unicorn-14992.exe
2960	Unicorn-18911.exe
2168	Unicorn-3721.exe
2292	Unicorn-40352.exe
2132	Unicorn-30146.exe
1116	Unicorn-13809.exe
2164	Unicorn-38314.exe
1652	Unicorn-29881.exe
2380	Unicorn-42760.exe
1692	Unicorn-59481.exe
580	Unicorn-62626.exe
1008	Unicorn-59289.exe
2036	Unicorn-18489.exe
636	Unicorn-25507.exe
236	Unicorn-36171.exe
1488	Unicorn-11666.exe
1764	Unicorn-47634.exe
2240	Unicorn-18417.exe
3000	Unicorn-7369.exe
876	Unicorn-35403.exe
2140	Unicorn-4576.exe
2068	Unicorn-52590.exe
1564	Unicorn-18875.exe
2952	Unicorn-53467.exe
2796	Unicorn-3389.exe
2780	Unicorn-53467.exe
2728	Unicorn-58490.exe
2828	Unicorn-55505.exe
2532	Unicorn-59996.exe
2696	Unicorn-58298.exe
2544	Unicorn-54043.exe
2596	Unicorn-47913.exe
3048	Unicorn-3965.exe
1548	Unicorn-436.exe
2624	Unicorn-34137.exe
2184	Unicorn-1616.exe
1936	Unicorn-18185.exe
560	Unicorn-62979.exe
1160	Unicorn-16156.exe
1128	Unicorn-54344.exe
1772	Unicorn-8672.exe
2348	Unicorn-4266.exe
2060	Unicorn-59418.exe
2492	Unicorn-26628.exe
968	Unicorn-61146.exe
1984	Unicorn-43348.exe
1732	Unicorn-7884.exe
1104	Unicorn-35647.exe
2252	Unicorn-51791.exe
1672	Unicorn-5012.exe
2204	Unicorn-48454.exe
1412	Unicorn-58807.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2096	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	30
PID 2108 wrote to memory of 2096	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	30
PID 2108 wrote to memory of 2096	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	30
PID 2108 wrote to memory of 2096	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	30
PID 2108 wrote to memory of 628	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	32
PID 2108 wrote to memory of 628	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	32
PID 2096 wrote to memory of 1648	2096	Unicorn-32569.exe	31
PID 2108 wrote to memory of 628	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	32
PID 2096 wrote to memory of 1648	2096	Unicorn-32569.exe	31
PID 2096 wrote to memory of 1648	2096	Unicorn-32569.exe	31
PID 2108 wrote to memory of 628	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	32
PID 2096 wrote to memory of 1648	2096	Unicorn-32569.exe	31
PID 2108 wrote to memory of 2776	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	34
PID 2108 wrote to memory of 2776	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	34
PID 2108 wrote to memory of 2776	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	34
PID 2108 wrote to memory of 2776	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	34
PID 628 wrote to memory of 2648	628	Unicorn-34597.exe	33
PID 628 wrote to memory of 2648	628	Unicorn-34597.exe	33
PID 628 wrote to memory of 2648	628	Unicorn-34597.exe	33
PID 628 wrote to memory of 2648	628	Unicorn-34597.exe	33
PID 1648 wrote to memory of 2756	1648	Unicorn-38018.exe	35
PID 1648 wrote to memory of 2756	1648	Unicorn-38018.exe	35
PID 1648 wrote to memory of 2756	1648	Unicorn-38018.exe	35
PID 1648 wrote to memory of 2756	1648	Unicorn-38018.exe	35
PID 2096 wrote to memory of 1656	2096	Unicorn-32569.exe	36
PID 2096 wrote to memory of 1656	2096	Unicorn-32569.exe	36
PID 2096 wrote to memory of 1656	2096	Unicorn-32569.exe	36
PID 2096 wrote to memory of 1656	2096	Unicorn-32569.exe	36
PID 2776 wrote to memory of 2508	2776	Unicorn-16184.exe	37
PID 2776 wrote to memory of 2508	2776	Unicorn-16184.exe	37
PID 2776 wrote to memory of 2508	2776	Unicorn-16184.exe	37
PID 2776 wrote to memory of 2508	2776	Unicorn-16184.exe	37
PID 2108 wrote to memory of 2620	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	38
PID 2108 wrote to memory of 2620	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	38
PID 2108 wrote to memory of 2620	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	38
PID 2108 wrote to memory of 2620	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	38
PID 2756 wrote to memory of 2388	2756	Unicorn-56248.exe	39
PID 2756 wrote to memory of 2388	2756	Unicorn-56248.exe	39
PID 2756 wrote to memory of 2388	2756	Unicorn-56248.exe	39
PID 2756 wrote to memory of 2388	2756	Unicorn-56248.exe	39
PID 1648 wrote to memory of 2860	1648	Unicorn-38018.exe	40
PID 1648 wrote to memory of 2860	1648	Unicorn-38018.exe	40
PID 1648 wrote to memory of 2860	1648	Unicorn-38018.exe	40
PID 1648 wrote to memory of 2860	1648	Unicorn-38018.exe	40
PID 1656 wrote to memory of 2832	1656	Unicorn-52719.exe	41
PID 1656 wrote to memory of 2832	1656	Unicorn-52719.exe	41
PID 1656 wrote to memory of 2832	1656	Unicorn-52719.exe	41
PID 1656 wrote to memory of 2832	1656	Unicorn-52719.exe	41
PID 2096 wrote to memory of 2924	2096	Unicorn-32569.exe	42
PID 2096 wrote to memory of 2924	2096	Unicorn-32569.exe	42
PID 2096 wrote to memory of 2924	2096	Unicorn-32569.exe	42
PID 2096 wrote to memory of 2924	2096	Unicorn-32569.exe	42
PID 2620 wrote to memory of 3024	2620	Unicorn-47016.exe	43
PID 2620 wrote to memory of 3024	2620	Unicorn-47016.exe	43
PID 2620 wrote to memory of 3024	2620	Unicorn-47016.exe	43
PID 2620 wrote to memory of 3024	2620	Unicorn-47016.exe	43
PID 2108 wrote to memory of 2960	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	44
PID 2108 wrote to memory of 2960	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	44
PID 2108 wrote to memory of 2960	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	44
PID 2108 wrote to memory of 2960	2108	02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe	44
PID 2860 wrote to memory of 2168	2860	Unicorn-44328.exe	45
PID 2860 wrote to memory of 2168	2860	Unicorn-44328.exe	45
PID 2860 wrote to memory of 2168	2860	Unicorn-44328.exe	45
PID 2860 wrote to memory of 2168	2860	Unicorn-44328.exe	45

C:\Users\Admin\AppData\Local\Temp\02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe
"C:\Users\Admin\AppData\Local\Temp\02a6c83ee214c16b67d23e5742546932cab58a0199a56aa6323096969ca9275dN.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 188
        10⤵
        Program crash
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        9⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        9⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        8⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        8⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57785.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        10⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        9⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45988.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        7⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14780.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        9⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3659.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        8⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18650.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        7⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        7⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        6⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        6⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        7⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        6⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46560.exe
        7⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        6⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        6⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        6⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61186.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        6⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        5⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        6⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        5⤵
        
        PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16156.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        8⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        7⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5354.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13661.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7485.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        7⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        8⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        8⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        7⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18112.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        7⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47634.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31819.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        7⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33374.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        7⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63573.exe
        6⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        5⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        5⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        5⤵
        
        PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43760.exe
        7⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        7⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        6⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        6⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11617.exe
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        5⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61280.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        5⤵
        
        PID:7292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        6⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        6⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        6⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
        5⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48411.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        5⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      4⤵
      PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
      4⤵
      PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      4⤵
      PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8866.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59019.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-436.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        7⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        6⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        6⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        6⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        7⤵
        Program crash
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        6⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        5⤵
        
        PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        6⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        7⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        6⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48614.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        8⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
        6⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        6⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        5⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        5⤵
        
        PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
      4⤵
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        5⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
      4⤵
      PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
      4⤵
      PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61655.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        7⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        6⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59505.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        6⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        6⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        6⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9932.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        6⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        5⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        6⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56366.exe
        5⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4762.exe
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
      4⤵
      PID:8104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        5⤵
        Executes dropped EXE
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        6⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        5⤵
        
        PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
      4⤵
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      4⤵
      PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
      4⤵
      PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
      4⤵
      PID:8444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
      4⤵
      PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      4⤵
      PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
      4⤵
      PID:8360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
    3⤵
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
      4⤵
      PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
      4⤵
      PID:8084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4302.exe
    3⤵
    PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
    3⤵
    PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
    3⤵
    PID:7256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        7⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        6⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
        5⤵
        
        PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        5⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        5⤵
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
        5⤵
        
        PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        7⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49007.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4261.exe
        6⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        6⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9748.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15379.exe
        5⤵
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        5⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
      4⤵
      PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
      4⤵
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        5⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
      4⤵
      PID:8688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
      4⤵
      PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
    3⤵
    PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
    3⤵
    PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
    3⤵
    PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
    3⤵
    PID:7748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57549.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24092.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46271.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      4⤵
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        5⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
      4⤵
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
      4⤵
      PID:8156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32105.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
      4⤵
      PID:8292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
      4⤵
      PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      4⤵
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
    3⤵
    PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
    3⤵
    PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
    3⤵
    PID:7388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
    3⤵
    PID:8284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      4⤵
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        5⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        6⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
      4⤵
      PID:7188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      4⤵
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
      4⤵
      PID:8716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
    3⤵
    PID:6188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
    3⤵
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46666.exe
      4⤵
      PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
      4⤵
      PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
      4⤵
      PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
    3⤵
    PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
    3⤵
    PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
    3⤵
    PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46568.exe
    3⤵
    PID:7780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
  2⤵
  PID:3384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
  2⤵
  PID:3804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
  2⤵
  PID:4368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
  2⤵
  PID:6180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
  2⤵
  PID:7172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe

Filesize
184KB

MD5
e86a7d5498240719bfa20e94514d6899

SHA1
e45779a04f06bf7728ba7da3f04371758f8e8260

SHA256
c8ec80077d00470fed25e0063c627a53c529e85a44adfac4e7973012b459a531

SHA512
37bcdd844059ae877a468a145a15333d11200311066189d3e1a8af540e991a7381bbf6d758f4f387cf7d8a48bf6236a6ec9028460dc67155980bcce0c7ef1098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe

Filesize
184KB

MD5
be548e0166830fa10be502297d0b2af6

SHA1
4c33cf4ac595ca3bc251faec0fa067a958a4b669

SHA256
a304a91426893bef6c3e25da645b024162f7a305d12b05ddd521aec295d41cd8

SHA512
c02bbfcd67fd72c019567e21e59d8fb711554d2cae9a05356252d7d3f81b9e7740062220b1115319e423276eebc6de30ce017120ea0e9be978f3db8522193f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe

Filesize
184KB

MD5
4577f822f1292ea4db043e3e6283e8dc

SHA1
b19c8a5bc396267901c06ed80f77ca3fdbfbd074

SHA256
6cf1b6db058c1d0492963a8ecf23eaa6a2fc6affa30d3c15511790b099be41e6

SHA512
ab07a2cd01267bd8ebd6d4e22bfd73280ac427355498e2823866db566ffacb79cb97f800d30b8b12bcf4e0c45fd8fb0710c6fd45597a96675a7c788b9303cd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe

Filesize
184KB

MD5
030f8cc0ae2029c29cf9104ee1e2fc80

SHA1
432848212d2bb1c215bb1e995cd6963cf55e28a5

SHA256
62bdeefaa52d9b36787b1c8cf5b5c03453db06cf3232d3364e60166bd53340b3

SHA512
30bf52ff0553cf4837cb127e0319c54dbdaaa98774b9a7cdfe71a6ec6dfe4d6a651f2703928d46323bbcbe44fd7be0d733b6ed151fa51272dddd6765e72400a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe

Filesize
184KB

MD5
83c579d13fb8759faeb3734a0e69a62d

SHA1
88241c6b180d851595ba1731a9bd059256df9716

SHA256
977e52726671520ad612c30e7adc29975bd2b7853576015d925fef88b0e8ef8b

SHA512
b73c222c5fe89c068ccf1a3eb3f63b66ca63b4492934d1b8196fc6e3f2167ee754b533109afd62472daf8a058d47463b88882762a7c80fd130f048cb18e1d745

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe

Filesize
184KB

MD5
5612315ef61f838f2caec97a54e37971

SHA1
4f038a45ad9988504a2576de6790503b6675c5ba

SHA256
60f20a08247c0b163006ba464a05832fdc536df5f7395db6a9fd52b5d8545def

SHA512
67714c7c15159780018e1500bc9aad6783e20a753690e2caeb52d80e1dccf04337701e1e2a2d07135f04eebfd58ee0d58ce35b3387f3a5fd3fd464bd79cb0283

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe

Filesize
184KB

MD5
168aed3478d2a1c6dbb7592f6f724b63

SHA1
0705e252705e08b7f69c2742c75370a0fd2c0b55

SHA256
b917b09ee8ad2b0d4009529f72a35bcdd508a2bfd67342e97810d83b82986ee2

SHA512
7b70b57c301d2aff90b5c26c5e06848e6ebd58c04291ebd2fd2da6bb7e0ba5e491b2c381ba44ae1eb1136993fbd5f3aa6553ddb041299caa0d37b1586147fdcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe

Filesize
184KB

MD5
a7673807ba8a6bfd4c75e3249d7a9d2f

SHA1
499f42a187770c14d0a132b24285ebee7b45f1a5

SHA256
a8822a2a2995ad357477424f442067bd327239d607d105d8b755c208cea4e836

SHA512
ddf45ea4b714401de301a2ef983dd2e292a46e63718126d332a2cf6786b3cb70187a1f6a558a0f3e279052ce12aa7e8f1f76bc30656ed9bb140cccf74518731e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe

Filesize
184KB

MD5
fd91b73f7591227d82a56226f6ca5ca7

SHA1
cc80785b53132de61404b8cf723cb4e9b46c3c4e

SHA256
bbbce3be501dc5595c871873d0cef5302f4234212b5d653b2237f1bd3dbd2b3b

SHA512
b053e916037afaa06c321e02c9106a5bb3a64c02f9d371407750832ad841dee879827c349633ee3e006153ffd071dcb16b45daf3d6df1bef49f61e9b0f22f239

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe

Filesize
184KB

MD5
5e2c2a3411e445925deec5b39d050c51

SHA1
6d7829c071d78ff008420b2925f4e7bbca0330d5

SHA256
9648c5db085a48eff7591728923ed8d7bf30e74199c8b1f15f8c95612b46878d

SHA512
928563cfe4148300ad4090eb361c3cbeba2d8a6cf2518ef48d3fc8dd5d397ea5fc0d5cb21212f78236277298e34293b95157c6a769c20a95731c60af8e5a923d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe

Filesize
184KB

MD5
3ae8650eeffc4967f2f1ebfb9b6b7359

SHA1
9c137c381e30b2936d3c665c2c0b5b4962d2c488

SHA256
4bb3cad56b70759e1d45a994bf551b601edf141c535095c2f31fcb256d2aeeb9

SHA512
3ccd81639bea0eda7b723e3934e24dfdecb0e93d42a2c207e04720bf651bc158f9f27b66605cb6c40e1e7c0ba8afef9c1a414dc418d2fe47050cdb7409621af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe

Filesize
184KB

MD5
571989afbcc756a6d9ca9e7f728f8649

SHA1
17846c4d0fb963c72f666840aedc0d00b57bdada

SHA256
36993fa5ac758209772f67f1eef051ca7f5d757a4022a8c33abca7cac2a138c3

SHA512
c49a3b9f27a92dd642da3bcd4286c68fcafc26044f45561728f1dee89f5b04d2e524566438f53a10a9d33c2f25c44b34287d3df6c97ffd58c29f3b1842389f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe

Filesize
184KB

MD5
4d729be08f0b21ed6fe5e896c4850403

SHA1
53102c88603229b4d3cd0170c7745ab9ad508e37

SHA256
0726573011f9aaba122b2ade9ac7d6a594c2c6b3e2799325a6374a9f17b8b2d7

SHA512
034072c17e8cc76f8ddbcfc6db6961a92dccea9a9380434822458446d7ab0a98c24731f20d0a90bc25d0a30a6bc5764121aed9f9c15b80c41950801549fc3420

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe

Filesize
184KB

MD5
f024e0decb1ea67497ef1910ac50d5b8

SHA1
001f01dcdd378aebdd7b96567965414db0e30bb2

SHA256
a477c5d30f132ce0f1a50b15fdb14e54dfe0a1149cef0b2e173aaffd8f9c8db7

SHA512
6c4c236487c9c5a81f491453e666dd3c852f65a0d30d43dfdb653020dce7532b274a2ee1abc1bfdde708606c0aaf8e9f98cd12a79aacb4f2880adcf290738413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe

Filesize
184KB

MD5
b55f36356bf806619856ba46004d9155

SHA1
de6c669eca1ff52761ac04c9a6618c6c5046fd2f

SHA256
52a542602404df46075a698a3165f6d7eb2e253005032c1e0d8f0ded3c28f2aa

SHA512
571d7088cca2f8af3034a193303a8591e544486673bf059b8d40c75e34b01335af5b6632ff631b2a270507c9969d0c22f5c09d8f30e84485653f9c6d9f215618

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe

Filesize
184KB

MD5
e335ec405cd3bb4166699d27fe4d8a35

SHA1
02d4a671a6df6d52dfbed62e7d16ca1366ce67b7

SHA256
84485f81ae1e7855ca70fa380c78faa4e367e8ad96fb7c7f9b820c73c0b3bd5a

SHA512
387c19b75c8d4bbfd1eb2bdb955772c85e75e33db7686ba972b9bf4917ee58d24b06f80f32d45c0c9b02108268e987e21369cbe1a482d2ca93d1aaea9f4737dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe

Filesize
184KB

MD5
fd29a8563fdda39409fb353da3de4de1

SHA1
6cc3586a83b5e3399b71aa9197fc604bfccd5208

SHA256
ba503be8cc307f7bc61bebf13584d663e2e2d5507fc37c6fe1fc52df26f1067a

SHA512
81fba51f82a3c84d4475c482bcb58e9e717b3dc1147b14782460c8e95cfa2c2ad1d9fbacb50002640bb1a0259789c7607249c6b25e6056602035a80796e52824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16184.exe

Filesize
184KB

MD5
7953d18b8eeebb3928e19ba07d0bc72c

SHA1
f2b90bb5c597b4df0eee7221ec6a6c47b94f65a3

SHA256
7f7e5b62eca11a12db9415336fe6b1e5afdc4eb06621bc6be56a48d7e0931c61

SHA512
05b5eff43cd0cbd3399c16ec294684749ea2c3742d067a9b9f59afece8926c92e729543a798403709c9152bfb01d27560703cb001c6c09dc5fe19526fd1e5d3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe

Filesize
184KB

MD5
369cf9210632a4203f13e7f93f3f8d5a

SHA1
3fda07df54c6ec82f3f0b6a8292d3388e31374b5

SHA256
83dfc21c1bc1ec1ff41e7de23e4d4354a719f00ff8f8e79418f971bd7fe766b2

SHA512
066251968c154f9be8b1794e3259531ff95c94e4d559eef442b9875dc4720f8afb1643312756c827ddaa55a0184ada13a38ba051ad09d69d7edc92143bb003f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe

Filesize
184KB

MD5
bf43cdf46384bdc14d6f07e0889793c1

SHA1
acf6beeeb50189fd50fea4fb05b198aa462a4082

SHA256
051f89abf93faee90faeba39d85d11c82b0184b29ab798b5dfd3ce2a90bbb50a

SHA512
5cf0de384b8194c2bf019279023796ac77eff8dc129ad8bc5b3299ff9d205ad27e721dc65a4dfc80b3cd670e24f763bc103d65c0187ce809ad60393b9ee1afc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe

Filesize
184KB

MD5
69a69e9a7f6ce37a532b8d76bd0269af

SHA1
cd49e142834da235d047e3d43964ac934ae21555

SHA256
01b333c876bef2cfc9d42a922dc4fb793ec50468c8aa91b84fa6388acfeda4bf

SHA512
5b46410dde611864f90dfe90502b1c5f2aaa8eceaa63891bf66040ba912e290a04e3075eb10e25ea67163ae4bc97d87be008fc02dccbf3f70de078d5d9270a8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe

Filesize
184KB

MD5
3db6901382453f135965dd900610f9a1

SHA1
2b384013b338b04ded29d0c15afefe1d8e44de7c

SHA256
05ccf66a18910d4dfa75ec41ecd922b60eda54dc0d5014194af6643120b12035

SHA512
d387c1cfb0940bc21441b37ff16fa1fa6dd7c5ae3e4f7799fa820f124c474799cae29b820ddc8d66315fd1b6a9a6242a53902fa859d32c81f7a9b82aa1dca480

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe

Filesize
184KB

MD5
8475ae8ed3aa586c498112d9e36c1186

SHA1
9e1d8959f1c4118b07de41d7f8ccbee5eec400b9

SHA256
0ab83492a5455b2e25fb92d2d151ce767817d95ed0d7ddd8dd49fb163b1f1c0d

SHA512
14fa6a6504a1393023ddeb2394c1f2914560e0fac7390a7858f60a5249f64413e0683c95fc132b716664511ae3f7afab92842b712fffa04e808722747efff283

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe

Filesize
184KB

MD5
c22038b2b7e3063b2b700e6fd0558ec1

SHA1
8e737791128a5ee304c11a8e55f8dd22a5be3b6e

SHA256
8c2377ad830b95a4b021f1fcb86aa9f6dd9d22cab339dddb5dcbb65a61e1a622

SHA512
2f4a051bc6582f2172105b06bffe9aef52d27be4dc9ea021c0913a00538a821058451fb8a76836c265d11e3c9aa802cf6a25d623e488b5dae3e4bf805fa61da0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe

Filesize
184KB

MD5
256485324bef1e3a27de4edbabbd843b

SHA1
bd965f9f2bbeebcf6ed5f73dbfb550b3fa488c14

SHA256
445b500a9b81f0545e01b98f9f23205d771ddfd3c05163240248857dc34aed50

SHA512
f5084707fb5b777331b2afadfc8bf8f8971805720b9cec92c99a77bd55fc60ebe50841e980bce817429cfaf5cd8f4695e38ba294416148a00cba1583156b3850

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe

Filesize
184KB

MD5
dbef5bb7188360eb15dc15b027e494df

SHA1
877935c29bcb7551fdca101a54f55e8a51599333

SHA256
35589a3ec8d1d088ad5a40625b6a6549f33599675cf7c6d7c58ba1f508b8709c

SHA512
565af5ac359c1c2a8b78768cc6dc64328e241529e8f52bf760875562b521f9b3a00a9df8efe557b6780cafc73d62e3d8545d733a7d3429ed38d2764d8702ed2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe

Filesize
184KB

MD5
be7823b6300d09bc9129ea3e1ee722ee

SHA1
b95542cc7f113ce039b5e371bcb3d1de95d888d4

SHA256
e6ccc6a2a3a2efdecc29ff1219c6938487e556e744dee43ede2d232556837609

SHA512
df225505e0c4bc1bdc48e51be35d36ffc0eb7bba477d8547b053f37728e9c70af5af3c9c12376de01b938dacf772521992aaee767508fd0bc67fd88826cbd55e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe

Filesize
184KB

MD5
352244f48f1d403e6ec20566b3af4f0c

SHA1
e2189fba5884192fb34f2e6655c414cce61aa62a

SHA256
4468b76893599042efb5ad01577a82feb97fccfddf90295259b16c80f56d337c

SHA512
8b90d6c5107fab0519a892f6c5f7c3a7e1565c456bf6172d320857acedb4dfb25a80c0d1f6242543514bc64b17a3378174f0cd590a0b90dc3dcf65a87f04e974

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe

Filesize
184KB

MD5
d6a8979ec7fc9a12d08ebcc63840ae14

SHA1
da1f7abebae7b35e170a2dbf13788186e81b3f06

SHA256
bdb924670f52392ced1321578e89e55f9682eab82604a96545ba85dcc9f72dad

SHA512
e48afa4cd20e4ba5b9aabb6aa906c191c87cd9e1ced416dbe50f6d0c8c9864546ffcd76e9a75ef909b44b2ad0949b4989fecd837369e7b18d105f408640ccbf9

Download Submit