e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe
Size

468KB
MD5

a20d62bb436354daaf657e0516b66c90
SHA1

0d6be8a0ca1989bb1cda26ab363e6a29c6b2b9fb
SHA256

e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316
SHA512

87e2abd84486ef310e4df6e58d2e71ae07c60f0f9b84222e0d816fcdc8a4ec045d198ece2f2a3cbfc2abb78619923d503f154bddfd37edebdea00733dfb90fb2
SSDEEP

3072:4belogxaIU57tbYZPzWzmbfD/n2GnsIHzQmyeQVDxf4uklFUuxulu:4b4oCc7tCPazmbfga52f4/rUux

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2144	Unicorn-15801.exe
2196	Unicorn-42417.exe
2636	Unicorn-14383.exe
4844	Unicorn-1104.exe
2808	Unicorn-38607.exe
948	Unicorn-58473.exe
1480	Unicorn-44175.exe
1100	Unicorn-56117.exe
396	Unicorn-47949.exe
1116	Unicorn-47949.exe
1256	Unicorn-6594.exe
2836	Unicorn-12707.exe
1660	Unicorn-26442.exe
4372	Unicorn-32308.exe
3656	Unicorn-14015.exe
408	Unicorn-27441.exe
4220	Unicorn-19273.exe
4724	Unicorn-28187.exe
836	Unicorn-48053.exe
1500	Unicorn-15935.exe
5048	Unicorn-31010.exe
1720	Unicorn-44746.exe
3140	Unicorn-41946.exe
1996	Unicorn-59848.exe
116	Unicorn-44746.exe
1204	Unicorn-53865.exe
1924	Unicorn-35483.exe
3828	Unicorn-9879.exe
872	Unicorn-26407.exe
2168	Unicorn-34213.exe
4240	Unicorn-2095.exe
1436	Unicorn-54825.exe
4796	Unicorn-3439.exe
2444	Unicorn-11052.exe
4392	Unicorn-56169.exe
1992	Unicorn-14182.exe
4236	Unicorn-23113.exe
2364	Unicorn-36111.exe
4676	Unicorn-24958.exe
4712	Unicorn-31089.exe
4900	Unicorn-30824.exe
1928	Unicorn-22921.exe
5088	Unicorn-63688.exe
3104	Unicorn-57823.exe
3484	Unicorn-26235.exe
1128	Unicorn-30897.exe
652	Unicorn-14560.exe
2400	Unicorn-262.exe
1420	Unicorn-1.93787642675E+113.exe
1328	Unicorn-35727.exe
5036	Unicorn-19687.exe
2348	Unicorn-40373.exe
3916	Unicorn-30158.exe
3020	Unicorn-21990.exe
1536	Unicorn-32013.exe
1360	Unicorn-13246.exe
3468	Unicorn-46740.exe
4400	Unicorn-58800.exe
4728	Unicorn-12744.exe
4440	Unicorn-12744.exe
2032	Unicorn-63289.exe
3432	Unicorn-55121.exe
4448	Unicorn-55121.exe
4408	Unicorn-1644.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
7352	2092	WerFault.exe
9784	6480	WerFault.exe
8396	6844	WerFault.exe	271
12960	6480	WerFault.exe	405
12924	2092	WerFault.exe	406
18308	8172	WerFault.exe	361

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn--4.68361943325738E-96.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn--8.63132271264963E-63.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn--8.55899319271122E-66.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn--1.01561637844675E-44.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21430.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe
2144	Unicorn-15801.exe
2196	Unicorn-42417.exe
2636	Unicorn-14383.exe
4844	Unicorn-1104.exe
2808	Unicorn-38607.exe
948	Unicorn-58473.exe
1480	Unicorn-44175.exe
396	Unicorn-47949.exe
1100	Unicorn-56117.exe
1116	Unicorn-47949.exe
2836	Unicorn-12707.exe
1660	Unicorn-26442.exe
1256	Unicorn-6594.exe
4372	Unicorn-32308.exe
3656	Unicorn-14015.exe
408	Unicorn-27441.exe
4220	Unicorn-19273.exe
836	Unicorn-48053.exe
4724	Unicorn-28187.exe
1996	Unicorn-59848.exe
3140	Unicorn-41946.exe
1720	Unicorn-44746.exe
1500	Unicorn-15935.exe
116	Unicorn-44746.exe
5048	Unicorn-31010.exe
1204	Unicorn-53865.exe
1924	Unicorn-35483.exe
3828	Unicorn-9879.exe
872	Unicorn-26407.exe
2168	Unicorn-34213.exe
4240	Unicorn-2095.exe
1436	Unicorn-54825.exe
4796	Unicorn-3439.exe
2444	Unicorn-11052.exe
4392	Unicorn-56169.exe
1992	Unicorn-14182.exe
2364	Unicorn-36111.exe
5088	Unicorn-63688.exe
4712	Unicorn-31089.exe
4676	Unicorn-24958.exe
1928	Unicorn-22921.exe
3484	Unicorn-26235.exe
4900	Unicorn-30824.exe
3104	Unicorn-57823.exe
1128	Unicorn-30897.exe
2400	Unicorn-262.exe
1420	Unicorn-1.93787642675E+113.exe
1328	Unicorn-35727.exe
5036	Unicorn-19687.exe
652	Unicorn-14560.exe
2348	Unicorn-40373.exe
1536	Unicorn-32013.exe
3916	Unicorn-30158.exe
3020	Unicorn-21990.exe
1360	Unicorn-13246.exe
3468	Unicorn-46740.exe
4400	Unicorn-58800.exe
4728	Unicorn-12744.exe
4440	Unicorn-12744.exe
4448	Unicorn-55121.exe
2032	Unicorn-63289.exe
3432	Unicorn-55121.exe
4408	Unicorn-1644.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 2144	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	88
PID 4208 wrote to memory of 2144	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	88
PID 4208 wrote to memory of 2144	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	88
PID 2144 wrote to memory of 2196	2144	Unicorn-15801.exe	95
PID 2144 wrote to memory of 2196	2144	Unicorn-15801.exe	95
PID 2144 wrote to memory of 2196	2144	Unicorn-15801.exe	95
PID 4208 wrote to memory of 2636	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	96
PID 4208 wrote to memory of 2636	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	96
PID 4208 wrote to memory of 2636	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	96
PID 2196 wrote to memory of 4844	2196	Unicorn-42417.exe	99
PID 2196 wrote to memory of 4844	2196	Unicorn-42417.exe	99
PID 2196 wrote to memory of 4844	2196	Unicorn-42417.exe	99
PID 2144 wrote to memory of 2808	2144	Unicorn-15801.exe	100
PID 2144 wrote to memory of 2808	2144	Unicorn-15801.exe	100
PID 2144 wrote to memory of 2808	2144	Unicorn-15801.exe	100
PID 2636 wrote to memory of 948	2636	Unicorn-14383.exe	101
PID 2636 wrote to memory of 948	2636	Unicorn-14383.exe	101
PID 2636 wrote to memory of 948	2636	Unicorn-14383.exe	101
PID 4208 wrote to memory of 1480	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	102
PID 4208 wrote to memory of 1480	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	102
PID 4208 wrote to memory of 1480	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	102
PID 4844 wrote to memory of 1100	4844	Unicorn-1104.exe	107
PID 4844 wrote to memory of 1100	4844	Unicorn-1104.exe	107
PID 4844 wrote to memory of 1100	4844	Unicorn-1104.exe	107
PID 1480 wrote to memory of 1116	1480	Unicorn-44175.exe	108
PID 1480 wrote to memory of 1116	1480	Unicorn-44175.exe	108
PID 1480 wrote to memory of 1116	1480	Unicorn-44175.exe	108
PID 2808 wrote to memory of 396	2808	Unicorn-38607.exe	109
PID 2808 wrote to memory of 396	2808	Unicorn-38607.exe	109
PID 2808 wrote to memory of 396	2808	Unicorn-38607.exe	109
PID 2196 wrote to memory of 1256	2196	Unicorn-42417.exe	110
PID 2196 wrote to memory of 1256	2196	Unicorn-42417.exe	110
PID 2196 wrote to memory of 1256	2196	Unicorn-42417.exe	110
PID 2636 wrote to memory of 2836	2636	Unicorn-14383.exe	111
PID 2636 wrote to memory of 2836	2636	Unicorn-14383.exe	111
PID 2636 wrote to memory of 2836	2636	Unicorn-14383.exe	111
PID 2144 wrote to memory of 1660	2144	Unicorn-15801.exe	112
PID 2144 wrote to memory of 1660	2144	Unicorn-15801.exe	112
PID 2144 wrote to memory of 1660	2144	Unicorn-15801.exe	112
PID 4208 wrote to memory of 4372	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	113
PID 4208 wrote to memory of 4372	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	113
PID 4208 wrote to memory of 4372	4208	e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe	113
PID 948 wrote to memory of 3656	948	Unicorn-58473.exe	114
PID 948 wrote to memory of 3656	948	Unicorn-58473.exe	114
PID 948 wrote to memory of 3656	948	Unicorn-58473.exe	114
PID 1116 wrote to memory of 408	1116	Unicorn-47949.exe	115
PID 1116 wrote to memory of 408	1116	Unicorn-47949.exe	115
PID 1116 wrote to memory of 408	1116	Unicorn-47949.exe	115
PID 396 wrote to memory of 4220	396	Unicorn-47949.exe	116
PID 396 wrote to memory of 4220	396	Unicorn-47949.exe	116
PID 396 wrote to memory of 4220	396	Unicorn-47949.exe	116
PID 2808 wrote to memory of 4724	2808	Unicorn-38607.exe	117
PID 2808 wrote to memory of 4724	2808	Unicorn-38607.exe	117
PID 2808 wrote to memory of 4724	2808	Unicorn-38607.exe	117
PID 2836 wrote to memory of 836	2836	Unicorn-12707.exe	118
PID 2836 wrote to memory of 836	2836	Unicorn-12707.exe	118
PID 2836 wrote to memory of 836	2836	Unicorn-12707.exe	118
PID 4844 wrote to memory of 1500	4844	Unicorn-1104.exe	119
PID 4844 wrote to memory of 1500	4844	Unicorn-1104.exe	119
PID 4844 wrote to memory of 1500	4844	Unicorn-1104.exe	119
PID 1480 wrote to memory of 5048	1480	Unicorn-44175.exe	120
PID 1480 wrote to memory of 5048	1480	Unicorn-44175.exe	120
PID 1480 wrote to memory of 5048	1480	Unicorn-44175.exe	120
PID 2196 wrote to memory of 1720	2196	Unicorn-42417.exe	121

C:\Users\Admin\AppData\Local\Temp\e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe
"C:\Users\Admin\AppData\Local\Temp\e1051fee21f4cff4799b29fca1ff43aa2020cc7825fc56c92c4db35cf5266316N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        10⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        9⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        9⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        9⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42515.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        9⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        9⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        9⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        8⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        9⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        8⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        8⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56871.exe
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        7⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        7⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        9⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        9⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        9⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        8⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        9⤵
        Program crash
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 308
        9⤵
        Program crash
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        8⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        8⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17294.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        8⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        7⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22470.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        6⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18941.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14207.exe
        5⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        7⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        6⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
        6⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4836.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53609.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        6⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 492
        7⤵
        Program crash
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59013.exe
        6⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        8⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        7⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
        6⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        7⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        6⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        6⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        7⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27766.exe
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
      4⤵
      PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
      4⤵
      PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12220.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        9⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        9⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        7⤵
        
        PID:516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58048.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        7⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        8⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        7⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        7⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        6⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        7⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48231.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        5⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2922.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        5⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        5⤵
        
        PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        5⤵
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
      4⤵
      PID:14684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        7⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        7⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        6⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        6⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        5⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        6⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        5⤵
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
      4⤵
      PID:17388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        5⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        5⤵
        
        PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        5⤵
        
        PID:13692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        5⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        5⤵
        
        PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
      4⤵
      PID:13628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42065.exe
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        7⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        5⤵
        
        PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
      4⤵
      PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
      4⤵
      PID:16660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
    3⤵
    PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
      4⤵
      PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
    3⤵
    PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
    3⤵
    PID:10028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
    3⤵
    PID:16256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        9⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        9⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        9⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        7⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        6⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        6⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        8⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        7⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        7⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        6⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        6⤵
        
        PID:15956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Unicorn-1.93787642675E+113.exe
        
        \Unicorn-1.93787642675E+113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Unicorn--4.68361943325738E-96.exe
        
        \Unicorn--4.68361943325738E-96.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Unicorn--5.09339215300877E-59.exe
        
        \Unicorn--5.09339215300877E-59.exe
        7⤵
        
        PID:6676
        
        C:\Unicorn--8.55899319271122E-66.exe
        
        \Unicorn--8.55899319271122E-66.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10928
        
        C:\Unicorn--5.89901814744642E-187.exe
        
        \Unicorn--5.89901814744642E-187.exe
        8⤵
        
        PID:14240
        
        C:\Unicorn--8.43583189474119E-184.exe
        
        \Unicorn--8.43583189474119E-184.exe
        7⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 268
        8⤵
        Program crash
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 268
        8⤵
        Program crash
        
        PID:12960
        
        C:\Unicorn--1.61636996907226E-186.exe
        
        \Unicorn--1.61636996907226E-186.exe
        7⤵
        
        PID:12456
        
        C:\Unicorn--4.25736819919054E-181.exe
        
        \Unicorn--4.25736819919054E-181.exe
        7⤵
        
        PID:15396
      - C:\Unicorn--1.3440563047656E-199.exe
        
        \Unicorn--1.3440563047656E-199.exe
        6⤵
        
        PID:6944
        
        C:\Unicorn--1.62298243910526E-60.exe
        
        \Unicorn--1.62298243910526E-60.exe
        7⤵
        
        PID:11884
        
        C:\Unicorn--5.10517424223395E-177.exe
        
        \Unicorn--5.10517424223395E-177.exe
        7⤵
        
        PID:13796
      - C:\Unicorn--4.6486199876323E-200.exe
        
        \Unicorn--4.6486199876323E-200.exe
        6⤵
        
        PID:9996
      - C:\Unicorn--3.7151323772923E-199.exe
        
        \Unicorn--3.7151323772923E-199.exe
        6⤵
        
        PID:13348
      - C:\Unicorn--1.04901464486921E-212.exe
        
        \Unicorn--1.04901464486921E-212.exe
        6⤵
        
        PID:16032
    - - C:\Unicorn-4.79359425406968E+224.exe
        
        \Unicorn-4.79359425406968E+224.exe
        5⤵
        
        PID:5556
      - C:\Unicorn--1.01561637844675E-44.exe
        
        \Unicorn--1.01561637844675E-44.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6732
        
        C:\Unicorn--8.63132271264963E-63.exe
        
        \Unicorn--8.63132271264963E-63.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13720
        
        C:\Unicorn--4.79765674438693E-186.exe
        
        \Unicorn--4.79765674438693E-186.exe
        7⤵
        
        PID:16576
      - C:\Unicorn--9.67545170840916E-180.exe
        
        \Unicorn--9.67545170840916E-180.exe
        6⤵
        
        PID:8604
      - C:\Unicorn--1.65974324591792E-186.exe
        
        \Unicorn--1.65974324591792E-186.exe
        6⤵
        
        PID:12404
      - C:\Unicorn--1.05722614807727E-184.exe
        
        \Unicorn--1.05722614807727E-184.exe
        6⤵
        
        PID:16328
    - - C:\Unicorn-2.90405802655767E+206.exe
        
        \Unicorn-2.90405802655767E+206.exe
        5⤵
        
        PID:7308
      - C:\Unicorn--2.82991619760735E-58.exe
        
        \Unicorn--2.82991619760735E-58.exe
        6⤵
        
        PID:12268
      - C:\Unicorn--1.304295594997E-185.exe
        
        \Unicorn--1.304295594997E-185.exe
        6⤵
        
        PID:1312
    - - C:\Unicorn-4.8720134061943E+283.exe
        
        \Unicorn-4.8720134061943E+283.exe
        5⤵
        
        PID:9212
    - - C:\Unicorn-8.52420825465292E+285.exe
        
        \Unicorn-8.52420825465292E+285.exe
        5⤵
        
        PID:13928
    - - C:\Unicorn-2.55289959996257E+281.exe
        
        \Unicorn-2.55289959996257E+281.exe
        5⤵
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14873.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        6⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
      4⤵
      PID:17424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52728.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        7⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        6⤵
        
        PID:12500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        5⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        5⤵
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20093.exe
        6⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        7⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        7⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
      4⤵
      PID:11232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
      4⤵
      PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
      4⤵
      Executes dropped EXE
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
        7⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6297.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
      4⤵
      PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
      4⤵
      PID:10196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        6⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        5⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        5⤵
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
      4⤵
      PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
      4⤵
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42299.exe
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        5⤵
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
      4⤵
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
    3⤵
    PID:9744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
    3⤵
    PID:8224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
    3⤵
    PID:15892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32921.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        7⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        6⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        6⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37280.exe
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18521.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        6⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        5⤵
        
        PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        5⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
      4⤵
      PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
      4⤵
      PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17715.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        6⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 724
        7⤵
        Program crash
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        6⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6683.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39332.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        6⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        5⤵
        
        PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
      4⤵
      PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
      4⤵
      PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        6⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        5⤵
        
        PID:15440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
      4⤵
      PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        5⤵
        
        PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
      4⤵
      PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        5⤵
        
        PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
      4⤵
      PID:16224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
    3⤵
    PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      4⤵
      PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
    3⤵
    PID:15556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
    3⤵
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        5⤵
        
        PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
      4⤵
      PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
      4⤵
      PID:16332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
      4⤵
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
      4⤵
      PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
    3⤵
    PID:8892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
    3⤵
    PID:8320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
    3⤵
    PID:15180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44405.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        5⤵
        
        PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        5⤵
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63615.exe
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
      4⤵
      PID:16232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        5⤵
        
        PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19068.exe
      4⤵
      PID:16052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61487.exe
    3⤵
    PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
    3⤵
    PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
    3⤵
    PID:13172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
      4⤵
      PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
      4⤵
      PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
      4⤵
      PID:15228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
    3⤵
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
    3⤵
    PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
    3⤵
    PID:13828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
    3⤵
    PID:3376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
  2⤵
  PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
    3⤵
    PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
      4⤵
      PID:15128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
    3⤵
    PID:14476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
    3⤵
    PID:17660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
  2⤵
  PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
    3⤵
    PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
    3⤵
    PID:4484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
  2⤵
  PID:10652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
  2⤵
  PID:13772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:17020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6480 -ip 6480
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2092 -ip 2092
1⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6844 -ip 6844
1⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2092 -ip 2092
1⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6480 -ip 6480
1⤵
PID:12556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe

Filesize
468KB

MD5
2b8207b0ab0ae1d88f148bdf0ea6cb78

SHA1
b2be5c5617384a9999dd015cc4359aee38223e01

SHA256
638c880449859ba2ede309ac8cb6e50c0a3e99c6dadea1c16cbad9daa02de80d

SHA512
e80addc5d219018ef1a2a3447c3ab4625a7e9d78705ba850d48cd93b7326b4068926e7e686b6215ab85522aec2f83664007375bd35e3ebf058657adc095ba320

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe

Filesize
468KB

MD5
c924e564d2e77eac08b829401223c528

SHA1
8781e374ae51b8d12dd5a6e1ea9a788c8cf73677

SHA256
da1918534e432e79e66c733f2ca480f0d11e82e4d24a7865d7bbce407533faa0

SHA512
228f6c67c9d225012952a0137568f3e1e206b6738fc0547ebcf43684f14744fa5a5138170480ab444a5360b48859c1a13fb982b2e20d2b5488491aae02c25e14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe

Filesize
468KB

MD5
286d7bc21bbe7e0ee82db3676d602bf0

SHA1
87b2361da2036501fd38cd20b05bee35a2a08961

SHA256
3287fa4891d91756e348443d83823af16f12efe8e1197d1e06ac3dc93caaca3d

SHA512
3df54e4b9fecb3eb814aa6e9f96841542f84e05d99d4e39d88e3ff18af000715620a91e66a2f7405a22e7531d3e7c6d729d7628205217f4daf4e92139e79bb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe

Filesize
468KB

MD5
7733dbc9d0646aa75acc8d68b8f8c76d

SHA1
51cf2417c91921989e08f532ee5eb5345b9c6d5b

SHA256
ed4d6c52f23a09b53f0c318018c2893282236316d31bb34fcd18d9ab82b25136

SHA512
17006f181d5f46da040a8dffd42828c90291cb951792337b6ad97bca8054eda646bab08931cf575080cbbe8a9a7cca037346414c4c9d9e0c59766e21bce7c17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe

Filesize
468KB

MD5
95089fe2cf60c68d05636d2552d30119

SHA1
3a7bdc0ced92b2116d118a935972ed3acced09fc

SHA256
c6615680f2f8b4bbcb74a43ee038c856d478dc7d1ba49fb9247386ab9b9f089e

SHA512
e4d3d3c0e34e3c978506b21d3b46d3418f482ca6f7695b5dfdbecaf1d867123b95ef4f99152434cae1a503d4f792d6dfe68843ea4e4799e7ea8ced0ed1f3e279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe

Filesize
468KB

MD5
d703e276185cf40c9ee1e21962c71582

SHA1
ee7d938fe0c0da416fa3ce0a1607b09667718b13

SHA256
457ffd066a133f3daabc23e1e586700699f3b3a49944cb0288c3fcdf1fb6b56c

SHA512
d25fcbad9ebc0e1713986648bf64156776fd55abf03e6bc5d12a2b49b7221d1976e7d8c2a037a03950cd9847dbaad0e1bfb3cd0b315ba1dd9e63a9efac2fd7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe

Filesize
468KB

MD5
5d863f5daa430ffe79ba0abceee72163

SHA1
802fff159977df7c8bdc2717a28625fb7fe4ee7e

SHA256
8dcf19be8633dc3545fe210702d8b3c3715997adae5b7cefe4bfe2ca5fa929a3

SHA512
2c9e582ece3996b2863acbde77f6f280dfa646d44ee80678e640e01e3dc0671348ab6303475f29582bd6b5d1148b8bed54627e51ff66ae4e69039519c04adebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe

Filesize
468KB

MD5
4ae8025314bdae114da2d22ca69d349b

SHA1
726e4c786f4b187ba6389c729920c53af6e852ee

SHA256
a95b2caa4ca106f9dcf0ba74c36a2d0d47787be0c2e4dade71521e190dc8f31b

SHA512
0b64417cb89675cb4e36a79c514ba0220f637b48625d15ef8192be57475f7e02281b23cb714ba84548d2b1673ede051e3cb5a58c6194ea0b30bd4a902c0224be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe

Filesize
468KB

MD5
bf8404d90aef30aae950e1c0eaa16813

SHA1
75ecfcbbff38450e223517ea1b762f4145ef26f4

SHA256
c47e2ac0877a55e629dd29a3852773f881546277da29cf9a41ceb7f94ac7f863

SHA512
ceb1e8ccb48d472a78b21f1938b332e867d1f305be5fe45735e418ac348b90ae69e64636721d5bd3b5a464760e8cf6b5a32a86aefef901b4d5536e36d1ea0aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe

Filesize
468KB

MD5
5cb8769b6d0e4202a432405c87422c24

SHA1
841c0aa676d69634276f93f684ec87634431253d

SHA256
f88d8946cd73e0ea22a9ed6315f3eae3de4ed3be7ae80bbd4d487ea93d4d3d3f

SHA512
4c034615b64949113823852b19314c6fc9d77d4558ff5a035c4669faf76b2766b2e2628942f30facb6de260c8d3473070cae14367a0f6051aa19d00355f26e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe

Filesize
468KB

MD5
7ec4b616c7c75c8ffbe8335a8761b3ad

SHA1
e01d0767e4c0737fb09edad181059e895f5a9a56

SHA256
0343ef222e9aa78d80a11eb727e3fbd6aacfc727d43c8865a823ab4cef7340b6

SHA512
6fd6a0872fe82d9b9b6a510c318f702f11d03263a5810489ecebd3f1ed176e11cd50e6ad8a9beb23c8e7bf277a5f554856c71084b6d1f225e927bde8848f7e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe

Filesize
468KB

MD5
a4af16e11852fe49beb7a7dbe2d43002

SHA1
9022f7d516ca1a49a96aee469fe001b6734afb06

SHA256
a44e976748755c2d893cec10fa43ee99f1a2b7184fceb45d78b5f142f98f9d8b

SHA512
d958aa1b9adaa5c4b2bae2d138e44dc940d8b646566b6c98304f11520828b8bae98d3d7d3e175303dbfe20f20b3d08bb68aec4f4558a30bb398b15c72c42dc58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe

Filesize
468KB

MD5
376a1328e151ff885cc66f262a543165

SHA1
99c0e0cc63db2271c8e23128cec1f42c16668184

SHA256
38af82108dbad0167e8a79024e1bf606bfb4a8100c258b22ca01e404df8c435c

SHA512
883741e96e579951a70f9af828740d4df7b83b3d6662a0c0e83621b9d4df9d3a272515549d9f872a9852b65874aef3a07d546276758505df7b68a8b9f0941aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe

Filesize
468KB

MD5
a1d9a9632d6ceb0a0d38df214576b2dd

SHA1
599cfbe4e2e0b2e78d57e13dbdcac3f9e89fa633

SHA256
5ea9451f4fb93b1f037671d50d18e49d0b99b0523b1874b47edb7723ff078cc3

SHA512
3ac8504ebee8f2618d3b0a896ed26fcd1b27348a326b717a3721bfcfd7d58c09bdb0a775db20d3e628d961727cb220c3b395b40eb3d4f147012f678902a1a6cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe

Filesize
468KB

MD5
62d02ccc0860a4fbd7a7025fa8bdee64

SHA1
9641340b117881a38965ae0d0a106e6911da4d42

SHA256
bb18415e8621ad78fdf3a771ac8497d5f8bef42220ba65f1084b5cb1e31215f9

SHA512
ebaa224319fd65c74ba9f83d1c77d1e7a2ae9f510cf97a98cce598b2cb36e4c1876185b6db8d080fd9e841f550118faffd827c303f02128c9362c8a09e9896c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe

Filesize
468KB

MD5
f3cf6f749d0f770a92c3d7abeb659308

SHA1
6fb625ba8e05a64566b26583c00f103f940381b0

SHA256
ef91eb5e9585f64dfd5d427565d53400c08763592ae4ac267d3491391dfd4cdd

SHA512
6ef1e20d425d12d49747d510bcdc74d22605b5a7e79054856b1434da49b500572be387ddae4c972f6b4543a3fa10c08e2c8f3285e05eddee756f4a34f7c09a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe

Filesize
468KB

MD5
e8c92dca3f4ae5a56b98693d0c11e011

SHA1
ddef0d026b2aee3d3bcb5af2bcf1e48d963c22db

SHA256
38f41a6f10873ae1951ffbe99d587ef432495f6e74dfda62be86090c8c91c103

SHA512
a3fe1bc7410be9334bbdc6a640d88a32901db5b4fef65c0f9d0d361ec55c9665b32dd2980904e524f00f483dc91b420b12ff1e3b627f31cb20bb42e1cc268db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe

Filesize
468KB

MD5
dfa17b228c4a97daa5ec0114629a5ee0

SHA1
3b386429b333d5650dda3556023c4375f7e8e1ac

SHA256
f9b92ac11cbe83533f72112c08b71a6d70e4db804eab924205666c049a2b66c0

SHA512
f94adb10acd08ce0f367dfdddbe79aec2456f9db28f6c8a7991238feb33a95c077ecb3664a612dfdceb0c00c724d92eaf7a7c699db471c0eca970a3e0fe62de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe

Filesize
468KB

MD5
ef4823b4a77f7484eaed93018c338f7e

SHA1
64d06442c586d1438c321831db5a3a214d8e2b59

SHA256
233265912979894d7c0a82279114c01ad3a895867163a35e2c5cb8954f5ae066

SHA512
1d5566e4719a6f7165c58c3e76fa3f0f4d298fe7d13ac09ca3ec3f1e022d3b26a2723680c617ed91ca0c9e58f9fa88799ceceb23c8dc211dbd23f34fdb089dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe

Filesize
468KB

MD5
5ae54d6efdc7c667f17a41c69f5ef62c

SHA1
ebbbb1f9eee0668473532d81fbd3925cabbe85c3

SHA256
d48581da546a66bf0344de53b51f39697c44ac31f973c19a42255d4de16ac1f3

SHA512
2bd8859881d5b95a3123a680fba5b1e0d497725bb354cc28bb4b5fbbba4c52fc27f6500c851d75020ab848b421c2d1564bdab7faa80fe86e585ebf6acee041df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe

Filesize
468KB

MD5
498df52bf5563dc50988f82099049d31

SHA1
3c027999fa233172d7521ae7212149ea58b283be

SHA256
65745ae6e9af82a941eab12c7789cca0d7f1c946048719d7c51e97cdf245e826

SHA512
a214953d1d2e54d96dc2874053843edc3371e9752fab613ef928f8d58204a5a08a134941b9653f696caa7af27c1c52febf08106c484e30767880e1ab7c1f25ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe

Filesize
468KB

MD5
961f123cfae19013f170fcfe83f4a7e7

SHA1
8264324c347de8c5a7b10a3cf379f0ab1bf11c38

SHA256
c4c2f8c3df6333668e94f49cd909dded0e26851d8bd24cc4a41cc93923367024

SHA512
c8d3d45729f35cb6081a9a0f98a6499a04811c0f5a72a5bc78e3ef1de5e2b2a00dbfef3ff1325f28aad05814b30aa50d897a62e523d4f13d58870ba81863aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe

Filesize
468KB

MD5
7a19aa4dee9e7d5e7a6d45a6be74caf8

SHA1
4dbf59aad6e3d86a0c29545e740e149fc4f92ca1

SHA256
c1c478661789608939310fbbf00c4c688b95fce5de7466c69abcdc98724ae64e

SHA512
f8e4a58c08dc657abdfeaa137b5b34c881089b3e7b7be4c26600cfad7b1aab9fbe62e8b8808b2f62f0388de97a5fb5b590c5a81e10496e2b871cd205d58bbe3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe

Filesize
468KB

MD5
88aa969af6d5432c2f1949402bda8672

SHA1
c3b72513899693a8dbc2ca164d3084788baa44a9

SHA256
4ee2870f0946a78c0cb8be3718c125b6923ef72fd974e8372b6db2275c142b1a

SHA512
c88036ca4abfcd76a8edaa59b2cb871d43db8d25a7509e04a9e524d8d9865a2a0ba91ad525f54081e3b1eb4f7d23f0b89227e844a0025ba7716289b417cd9ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe

Filesize
468KB

MD5
d28e4fca0d815e252054ecb855d7d70c

SHA1
0899b79c0e619889c5116bf969d02ee37876e87e

SHA256
a0b887a61b329871c4caf1ae48bc8abe8769d3731ce2ea315df7eb67ec6619d0

SHA512
769744c45dcab9fe13213072467423ebb284495866404ea040e8d44fffb97f54339c7a845c8911c2e631245f1509a8ef5caa09c9d561eed1a0a38f6c284c17a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe

Filesize
468KB

MD5
7fc8016d7c69b7ce0aabb2543591de0e

SHA1
b6184163f0fec0a15b45ed4aae8310bb209f7e15

SHA256
d53001a178f56028af46ae90fd1888e8fe4d105191b9fcfbe2c0ddd3eb84f8d7

SHA512
08871cf38da0e48f72a053d502af088f402b929a71cde3e391e83837237dc46e6c2226b0139baa221d7e99238b4d1581b6de01cf7728a05c1f13a6f378c7d06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe

Filesize
468KB

MD5
de8535f04392bdca9df021872fd0afda

SHA1
fb509e0827d44838cbb9c11352763da8bf9e5906

SHA256
d00bdd435c836fbb80691e3a3a7ee51a83474276f6efaca1d484ac350b520837

SHA512
c8061aed98875abeac8df64bc1a924ede34d10882996d629e5d8f47a78898087ddd35def5b31abbb4393dd2cd1bd626a513209ec0338789c5fbbabc1f9724820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
468KB

MD5
718cb699b18e3edde04e55099b1cadcb

SHA1
ae28b3433b03cadfc1afb59edc6621a81edeff63

SHA256
10383ee9a9a0d2f42d6277e1306e8bbd255184a1a188fca2481981b0681d449f

SHA512
ab35f6afa95f35d2e3eea122328614b9e06d96ec6a4a3ea7509447869be75157ca9facdd77b5f84ba135b14e8ccccd8866d8f22f8e95a9c9b97db01eb2780ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe

Filesize
468KB

MD5
7d5d4569d9ef9f1eca659a5802f368a3

SHA1
d0a8661f50193d29fadab3626cdf5642547d6057

SHA256
a2100a84d3529788a4bb1df676f3e9668b94c486f4224ef0108a58841be46601

SHA512
4ab2fb40e40f7cd600501ceacc7b48b216cdde5afed841f5a030e8aa88d9e558e695ddbaf81072c947cb4b66fce8f24de480a87acb3f4a5354f1a45c5d455380

Download Submit