2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5

Analysis

max time kernel
87s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe
Size

468KB
MD5

3987aac78ee70ae851ac8042b577330d
SHA1

dca3703baed75d833c43bad7782c37f46a4a403c
SHA256

2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5
SHA512

ed6502137bebb8c24ad41b3b9d579013f2f27b534d725209030b48e2d3b49c0ae522e55f8a166e61d83f7a4a0a8ac7c2f04ed08f13d6497d1638b880896cb733
SSDEEP

3072:4belogxaIU573rYZPzcfmbfU/82DnsIHzQmye2VDAfauktibuxVlVJ:4b4oCc73SP4fmbf7a5Nfa/Ibuxf

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3644	Unicorn-43435.exe
4580	Unicorn-47083.exe
3320	Unicorn-14965.exe
1544	Unicorn-5303.exe
4836	Unicorn-30170.exe
5056	Unicorn-24463.exe
2632	Unicorn-10164.exe
1692	Unicorn-27919.exe
2248	Unicorn-9122.exe
1516	Unicorn-28796.exe
1988	Unicorn-10413.exe
1160	Unicorn-52423.exe
4960	Unicorn-16544.exe
1972	Unicorn-19921.exe
1096	Unicorn-39522.exe
3788	Unicorn-17551.exe
3392	Unicorn-9382.exe
1036	Unicorn-58758.exe
3036	Unicorn-23533.exe
2332	Unicorn-63243.exe
1932	Unicorn-64312.exe
2680	Unicorn-45044.exe
4736	Unicorn-65142.exe
2712	Unicorn-5172.exe
2904	Unicorn-31531.exe
1756	Unicorn-31266.exe
724	Unicorn-64950.exe
5116	Unicorn-11110.exe
1184	Unicorn-64395.exe
1848	Unicorn-56534.exe
2556	Unicorn-45599.exe
652	Unicorn-42496.exe
1768	Unicorn-34328.exe
1616	Unicorn-2210.exe
1852	Unicorn-2210.exe
2476	Unicorn-21692.exe
4380	Unicorn-9439.exe
1656	Unicorn-3309.exe
1732	Unicorn-54291.exe
4084	Unicorn-23228.exe
4756	Unicorn-27674.exe
892	Unicorn-3575.exe
2148	Unicorn-22735.exe
4336	Unicorn-38337.exe
2876	Unicorn-34253.exe
1672	Unicorn-46505.exe
64	Unicorn-1388.exe
3968	Unicorn-21023.exe
4932	Unicorn-1580.exe
2468	Unicorn-39406.exe
2620	Unicorn-19540.exe
4416	Unicorn-37953.exe
912	Unicorn-33869.exe
3768	Unicorn-37953.exe
2188	Unicorn-33869.exe
4128	Unicorn-14195.exe
4660	Unicorn-32014.exe
3844	Unicorn-60189.exe
4428	Unicorn-26447.exe
4792	Unicorn-26770.exe
4808	Unicorn-3225.exe
1716	Unicorn-15477.exe
2884	Unicorn-21599.exe
720	Unicorn-6795.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
6604	5580	WerFault.exe	186
7020	5572	WerFault.exe	185
13884	7316	WerFault.exe	307

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4970.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe
3644	Unicorn-43435.exe
4580	Unicorn-47083.exe
3320	Unicorn-14965.exe
1544	Unicorn-5303.exe
4836	Unicorn-30170.exe
5056	Unicorn-24463.exe
2632	Unicorn-10164.exe
1692	Unicorn-27919.exe
2248	Unicorn-9122.exe
1988	Unicorn-10413.exe
1160	Unicorn-52423.exe
1972	Unicorn-19921.exe
4960	Unicorn-16544.exe
1516	Unicorn-28796.exe
1096	Unicorn-39522.exe
3788	Unicorn-17551.exe
3392	Unicorn-9382.exe
3036	Unicorn-23533.exe
1036	Unicorn-58758.exe
2332	Unicorn-63243.exe
1932	Unicorn-64312.exe
4736	Unicorn-65142.exe
2680	Unicorn-45044.exe
5116	Unicorn-11110.exe
2904	Unicorn-31531.exe
2712	Unicorn-5172.exe
1756	Unicorn-31266.exe
724	Unicorn-64950.exe
1184	Unicorn-64395.exe
2556	Unicorn-45599.exe
1848	Unicorn-56534.exe
652	Unicorn-42496.exe
1852	Unicorn-2210.exe
1616	Unicorn-2210.exe
1768	Unicorn-34328.exe
2476	Unicorn-21692.exe
4380	Unicorn-9439.exe
1656	Unicorn-3309.exe
1732	Unicorn-54291.exe
4084	Unicorn-23228.exe
4756	Unicorn-27674.exe
892	Unicorn-3575.exe
2148	Unicorn-22735.exe
2876	Unicorn-34253.exe
1672	Unicorn-46505.exe
4336	Unicorn-38337.exe
64	Unicorn-1388.exe
4932	Unicorn-1580.exe
4416	Unicorn-37953.exe
2620	Unicorn-19540.exe
3768	Unicorn-37953.exe
912	Unicorn-33869.exe
2468	Unicorn-39406.exe
3968	Unicorn-21023.exe
2188	Unicorn-33869.exe
4128	Unicorn-14195.exe
4792	Unicorn-26770.exe
4660	Unicorn-32014.exe
4428	Unicorn-26447.exe
3844	Unicorn-60189.exe
4808	Unicorn-3225.exe
4744	Unicorn-1195.exe
1716	Unicorn-15477.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 3644	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	88
PID 1840 wrote to memory of 3644	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	88
PID 1840 wrote to memory of 3644	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	88
PID 3644 wrote to memory of 4580	3644	Unicorn-43435.exe	95
PID 3644 wrote to memory of 4580	3644	Unicorn-43435.exe	95
PID 3644 wrote to memory of 4580	3644	Unicorn-43435.exe	95
PID 1840 wrote to memory of 3320	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	96
PID 1840 wrote to memory of 3320	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	96
PID 1840 wrote to memory of 3320	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	96
PID 4580 wrote to memory of 1544	4580	Unicorn-47083.exe	99
PID 4580 wrote to memory of 1544	4580	Unicorn-47083.exe	99
PID 4580 wrote to memory of 1544	4580	Unicorn-47083.exe	99
PID 3644 wrote to memory of 4836	3644	Unicorn-43435.exe	100
PID 3644 wrote to memory of 4836	3644	Unicorn-43435.exe	100
PID 3644 wrote to memory of 4836	3644	Unicorn-43435.exe	100
PID 3320 wrote to memory of 5056	3320	Unicorn-14965.exe	101
PID 3320 wrote to memory of 5056	3320	Unicorn-14965.exe	101
PID 3320 wrote to memory of 5056	3320	Unicorn-14965.exe	101
PID 1840 wrote to memory of 2632	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	102
PID 1840 wrote to memory of 2632	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	102
PID 1840 wrote to memory of 2632	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	102
PID 1544 wrote to memory of 1692	1544	Unicorn-5303.exe	107
PID 1544 wrote to memory of 1692	1544	Unicorn-5303.exe	107
PID 1544 wrote to memory of 1692	1544	Unicorn-5303.exe	107
PID 4580 wrote to memory of 2248	4580	Unicorn-47083.exe	108
PID 4580 wrote to memory of 2248	4580	Unicorn-47083.exe	108
PID 4580 wrote to memory of 2248	4580	Unicorn-47083.exe	108
PID 4836 wrote to memory of 1516	4836	Unicorn-30170.exe	109
PID 4836 wrote to memory of 1516	4836	Unicorn-30170.exe	109
PID 4836 wrote to memory of 1516	4836	Unicorn-30170.exe	109
PID 3644 wrote to memory of 1988	3644	Unicorn-43435.exe	110
PID 3644 wrote to memory of 1988	3644	Unicorn-43435.exe	110
PID 3644 wrote to memory of 1988	3644	Unicorn-43435.exe	110
PID 2632 wrote to memory of 1160	2632	Unicorn-10164.exe	112
PID 2632 wrote to memory of 1160	2632	Unicorn-10164.exe	112
PID 2632 wrote to memory of 1160	2632	Unicorn-10164.exe	112
PID 3320 wrote to memory of 1972	3320	Unicorn-14965.exe	113
PID 3320 wrote to memory of 1972	3320	Unicorn-14965.exe	113
PID 3320 wrote to memory of 1972	3320	Unicorn-14965.exe	113
PID 5056 wrote to memory of 4960	5056	Unicorn-24463.exe	111
PID 5056 wrote to memory of 4960	5056	Unicorn-24463.exe	111
PID 5056 wrote to memory of 4960	5056	Unicorn-24463.exe	111
PID 1840 wrote to memory of 1096	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	114
PID 1840 wrote to memory of 1096	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	114
PID 1840 wrote to memory of 1096	1840	2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe	114
PID 1692 wrote to memory of 3788	1692	Unicorn-27919.exe	115
PID 1692 wrote to memory of 3788	1692	Unicorn-27919.exe	115
PID 1692 wrote to memory of 3788	1692	Unicorn-27919.exe	115
PID 2248 wrote to memory of 3392	2248	Unicorn-9122.exe	116
PID 2248 wrote to memory of 3392	2248	Unicorn-9122.exe	116
PID 2248 wrote to memory of 3392	2248	Unicorn-9122.exe	116
PID 4580 wrote to memory of 1036	4580	Unicorn-47083.exe	117
PID 4580 wrote to memory of 1036	4580	Unicorn-47083.exe	117
PID 4580 wrote to memory of 1036	4580	Unicorn-47083.exe	117
PID 1544 wrote to memory of 3036	1544	Unicorn-5303.exe	118
PID 1544 wrote to memory of 3036	1544	Unicorn-5303.exe	118
PID 1544 wrote to memory of 3036	1544	Unicorn-5303.exe	118
PID 1160 wrote to memory of 2332	1160	Unicorn-52423.exe	119
PID 1160 wrote to memory of 2332	1160	Unicorn-52423.exe	119
PID 1160 wrote to memory of 2332	1160	Unicorn-52423.exe	119
PID 1972 wrote to memory of 1932	1972	Unicorn-19921.exe	120
PID 1972 wrote to memory of 1932	1972	Unicorn-19921.exe	120
PID 1972 wrote to memory of 1932	1972	Unicorn-19921.exe	120
PID 1988 wrote to memory of 2680	1988	Unicorn-10413.exe	121

C:\Users\Admin\AppData\Local\Temp\2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe
"C:\Users\Admin\AppData\Local\Temp\2a8bd27a75adc8270f451f0f9a56ea996f36b7d6525dd9797282ed2c526a17c5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        11⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        11⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        10⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        9⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        9⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        9⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        9⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        9⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        7⤵
        Executes dropped EXE
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        9⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        8⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        8⤵
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
        7⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        9⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        10⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        10⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        8⤵
        
        PID:13496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        9⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        9⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        7⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37112.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        9⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        9⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        8⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        8⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        7⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        8⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        8⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        7⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        8⤵
        
        PID:16012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        7⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62492.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        7⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        7⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        8⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        8⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        6⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        5⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        7⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        9⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        10⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        9⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        9⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        7⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
        6⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44828.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        7⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        7⤵
        
        PID:12724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12559.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        6⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 720
        7⤵
        Program crash
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        7⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        6⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        6⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        6⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        6⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        5⤵
        
        PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        6⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 632
        7⤵
        Program crash
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
        7⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        7⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29627.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9063.exe
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        7⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16287.exe
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
      4⤵
      PID:13788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        9⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        9⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        9⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        8⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        7⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        6⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        7⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 640
        7⤵
        Program crash
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        5⤵
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        5⤵
        
        PID:16304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        7⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
        7⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13516.exe
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58960.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        7⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        7⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        
        PID:15540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
      4⤵
      PID:13396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        8⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        6⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        6⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24792.exe
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        6⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        7⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
        5⤵
        
        PID:13464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
      4⤵
      PID:16392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
      4⤵
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6069.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
      4⤵
      PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
    3⤵
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
      4⤵
      PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        5⤵
        
        PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
      4⤵
      PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
      4⤵
      PID:15660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
    3⤵
    PID:8420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
    3⤵
    PID:12268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
    3⤵
    PID:15904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
        6⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        6⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        6⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        8⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        7⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        6⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        5⤵
        
        PID:11228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
      4⤵
      Executes dropped EXE
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        5⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        5⤵
        
        PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
      4⤵
      PID:13800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        8⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        7⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        7⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37568.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        7⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        6⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50792.exe
        7⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        6⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16583.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49839.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        5⤵
        
        PID:15924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
      4⤵
      PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
      4⤵
      PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
        6⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        5⤵
        
        PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
      4⤵
      PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
      4⤵
      PID:16100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
    3⤵
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39483.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
      4⤵
      PID:14456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
    3⤵
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31143.exe
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
      4⤵
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18904.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
    3⤵
    PID:13368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
    3⤵
    PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        8⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25716.exe
        7⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        6⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8077.exe
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        7⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        6⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52385.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        6⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        5⤵
        
        PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        6⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        6⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28685.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        6⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
        5⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
        5⤵
        
        PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21197.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63168.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
      4⤵
      PID:15480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        6⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18678.exe
      4⤵
      PID:10592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
      4⤵
      PID:14112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
    3⤵
    PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
    3⤵
    PID:12064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
    3⤵
    PID:13956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        5⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        6⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38130.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48745.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        5⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
      4⤵
      PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        5⤵
        
        PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        5⤵
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
      4⤵
      PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22475.exe
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
    3⤵
    PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
      4⤵
      PID:15864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
    3⤵
    PID:8288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
    3⤵
    PID:10880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
    3⤵
    PID:2584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
      4⤵
      PID:17240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
    3⤵
    PID:8908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
    3⤵
    PID:15984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1195.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35073.exe
    3⤵
    PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45037.exe
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
      4⤵
      PID:14696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
      4⤵
      PID:17332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
    3⤵
    PID:8380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
    3⤵
    PID:12184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
    3⤵
    PID:15960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
  2⤵
  PID:224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
    3⤵
    PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
    3⤵
    PID:13144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
    3⤵
    PID:15744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
  2⤵
  PID:9052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:12300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
  2⤵
  PID:16036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5580 -ip 5580
1⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5572 -ip 5572
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7316 -ip 7316
1⤵
PID:13744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe

Filesize
468KB

MD5
899af0ded26e1455c8ce2d7ef439381e

SHA1
fa2e450c7ffabfa337a16aa97cf5c11a1f2b2b59

SHA256
c614326368e11c0f8921550be82ec2fadaa361d0385bd4ce0ea36dcc5083dc91

SHA512
1b794d229ad4adfed9680bc30d2823f47c0b60718c02b229f9dcdca2a8353c1ca062e5ff96b31f4598f5156553e1466fb7751af4c27a273adbbf50b5cc1f79c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe

Filesize
468KB

MD5
00c3dfb78677adca549cc480f60cf3f4

SHA1
4cf852bc4cb7ca3e4ca7d6b2833ab043f2f8bdb8

SHA256
3b277796be74f6e2b22e248af7b588d1a9de6c6648124cd6e4df1c6670dc3fbd

SHA512
1697ad013f86509b922ee108b1126ce417f646598c7fff99049fdb5ae8ec7f961f8d768b752f5fcd9a96a42f193f46d1271ca4bd69a5a87f5372caa8d61b4ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe

Filesize
468KB

MD5
3b3a6dd1192f0e8ec254cd79b889cab8

SHA1
e16cc52b971c4bfb22e1d95adfa982bc9aa62fea

SHA256
73f9dd807bf06bccfb863d884b6fea034bdce6f2e0ac8296a8bdea41d9cbd628

SHA512
16f42f4801a001c871a018cdb7399662bd248d8b75e703b3b015aa5dda66c0f9617e55c1b7502b7267e99e01fb38c4ad44fc038f36d8f6cfbd24b078e230d524

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe

Filesize
468KB

MD5
211154cc389b3916ac300012809afdb2

SHA1
93d20a24a678b13ffcb622b356479cf610c07c0d

SHA256
11254a02cc8c107db3ea2e45d63c3e31463b7228918e50d782d55b6fd87d9f72

SHA512
d66ed1ef943d72c77032884670e4e86db5046233ade76512627815bb26b52eff42097c718cc96ac3af2c2f25a0cb6b14c4fccc6cc49c64a6be123ccdf12bb5c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe

Filesize
468KB

MD5
a63cec59f9fa260d710a5ebd05069a40

SHA1
16c4ca96658b33b5f8daa29b3b2fa0945cfdf63f

SHA256
bc1c6b25f126cd32ed68340bc2832ec2a6a2d4b28559515176a53f6a10151690

SHA512
684773f7535652076d731ca19071a52dee96fcb0a330a5ac4dc59c007658760702f5f540d3a7facc9d141cd5d8936514445ae3ed93d5939956c945f5818ef28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe

Filesize
468KB

MD5
343a30bb5fb6f07153541d0d5591f7c8

SHA1
3f505b15a0a66a8942bb59d9d14ad38c8b40ebf7

SHA256
3a99bd419da4ea4ab4ba7d8f38d0a20a9b95e8b900116b7a926bb6d4c2e24afd

SHA512
74409956f17f90fee7dbd6955d44523b7267eddf653c2fa883b4ec27c4108aa3bb9730f6435cdc565437155da83c11ee0ca3da7c6c2c9d7090c2d580a04ea9aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe

Filesize
468KB

MD5
95d3a66e4c83e4704bf077ca7f8df194

SHA1
bf43e0568db52e5416f3f80a25ab8b98aad44bb0

SHA256
ed717715a8d4c19a93d440ce8c86b1dc4a703f2d26bd49b43d0166ac6638b2b2

SHA512
a1acb8680db8732d24126196b82e3624dd1a9bb71c5c85fa86bda3a71bc74140071a6ef4db72a5e23ae1c8fa327a7db23358c05614c75b2a5989bb4cab31432c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe

Filesize
468KB

MD5
0456bcc64745050b7a6c07d7090a3a2a

SHA1
4ea4b48a78dcef67deb728d29bff3441c0231776

SHA256
a421bb7a082ea2efaff9777dd3feb5082f6bbcf4f8b6db1ac58a9e1d5dfa5364

SHA512
5bd792b4c78fd5684958a23eb6345c276074885d256da9c610e1f2a7e7a1867606308bbffcc652147d8a58de987fd43fe2c1c012922e09f261ee0d8ebfff7522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe

Filesize
468KB

MD5
b8d47c105fcf71c862d8d6b5aa6c9f8e

SHA1
4d393a3c8eb7707297ef14a53b6730a2b699fbb0

SHA256
a9ff2f52ab6e907d87281bfe488828950ef3397d0f6f4110a43600c4beb95138

SHA512
7fc87bc7339465f8827db69d814a184e105d0bbccc4868be336d12a51f1bb8d50533af601d6e8341c8e1962744ba267851abe4d02ee0c4704cc36a93a5083874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe

Filesize
468KB

MD5
3670b04e15241a2a9e1f1a706f6871e5

SHA1
52869fb1a321dee36b20b506bd8a3f9feeeea601

SHA256
ea1584e3af6915d9994c9987dce826cdb07b776876fde5e0bd5b866cccb808d3

SHA512
84a96cb88b02a1ddebb7813842ffcc61f63235a80d1b2e07a8f1a5ead11af092a37e2a11e7fd8734341a3d26edd2694490340f93612fc849db3fd640fa84606c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe

Filesize
468KB

MD5
052b842db6c713a0870b92a67c072191

SHA1
fd7a22689ed430d0f195f7893ede0e44d25b108f

SHA256
a77a5f5e65b25da2a607231fd88793f71fa669c7b1a5f911d7a098ae8693426e

SHA512
673c72fb0dbaf7b275426817f8ac6a06f3eb19397902b297818224abe0e0702b05edb8ef8db0b5ba52c7de5975425b0d31f8e77fc6484d8c6d9f303249b30e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe

Filesize
468KB

MD5
16605bed4aedf95ebbdcb97d633b9237

SHA1
185dd582fa810bd2d09b132317ad18bc17ea1d1e

SHA256
4ed20ea45e0ed318525dea3d5a471016298b046bec7af32fdc8921dbdccb4b3d

SHA512
ed25a5af9afae0ac8c17fbdef7256d54118795809d74a136179115e139543a4cc2b4483947a75df7df1f5a15a34b474b8b78ce84738a6ecddf357677ea860378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe

Filesize
468KB

MD5
092f833128566a1a4373e30e99bc38f3

SHA1
0318edf9ac87b9b9cc862f42a1ff5b7f938eba5b

SHA256
e81d3a3fb6e98be907c4b1fdba0e897e64ff936b802da3bf628278c5974a2aaf

SHA512
9b9b274d7854ab109c6bfbbe7fa07216b20858222de6f1673e6af50eb7c67a982999681c5b2101fed1be5c08b9080681456909026e1dacb272b62dbdedc5fd97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe

Filesize
468KB

MD5
c0f2ab3179ae42cce0d0b3dc3bf37b39

SHA1
8f5709a19a74aae5422922dde160437b79b8bc09

SHA256
9a50fe6ca4d79c4a375a3013950f3e5066469d942414399ee741d412d2593c45

SHA512
9e32b2dfce8d26fad7b3d1b1260827f43871150973bccf7bb3b11569768970013151da58d648e8e01569630990843571a1b41395980fce7677dced441ff3fea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe

Filesize
468KB

MD5
5cb850802e85946f9cda1d5b03482394

SHA1
a8895a2e5ab48a87e7395ad41446e4f7ab9ac997

SHA256
df12c0a0483929447e194ca4ae09d782b57dc272c92e8602b421e25874547de6

SHA512
8d774dfdec56d429adc7f1b197096397c51291d1d01784664b0a5936ad4658b571e91d9dfd93b237800ef80499ae2714ad08e8ec7a7994d7869a19cc2aa398af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe

Filesize
468KB

MD5
c562aa9dc28790449e291b3b924cfc34

SHA1
0654e0f0994aaaa4f5f3545dc6c5d398bcc99eb6

SHA256
6b89b8787970fd217e053503eb97b3003782d9877f7a3b926c5df48e4327537f

SHA512
6db3f9642e6fcd3bbbeba44d12c87c9405a509f561244e0af38c387ccc9e5b661199bc26278cc056d62bbe80cdf4cad7809b04286aacd06c1c14a9a3a65d46d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe

Filesize
468KB

MD5
96192b9a3ff9e52e98b9f6bf55582f30

SHA1
836a8926c931d426d12ddcf9313c840c673396e5

SHA256
4b37a860c5240ea339e8d4c3697a088a46d53dc7334dff2701d69926e6f16abb

SHA512
d632969f2e6fedef996704a61acfff41857d39c9028e7f1db5a02b941dd17e33fb4a0f6fa5e5b34107bd3dc42161a570597456b1ce63e367d4ea82edfe00273d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43435.exe

Filesize
468KB

MD5
49eeb86b1d261e32bc9361b0a6755713

SHA1
dfc86596812575740436639b2574bbd27bd9534e

SHA256
1d6da42c0e63bf362ba59439b82f19c28d9d5f80c0614e90ea520d7b18a1079f

SHA512
d28bd33e268b5e761606161a0dc6c624cad622bf0d717a30c04bd8539cd404440b2c6008b76ca81207496ef56df86a6ad439f92b913c76c7608df99ac8ed3e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe

Filesize
468KB

MD5
1f57cc70c251f1f961e3361a42ee356b

SHA1
c8bf683c2082921b6d85340d74f63ac8056b547c

SHA256
a0fabf79928297316f09171e4871d124ab711fb3122bd4bcd2e96b988c56ea7e

SHA512
3857e10f5501bdacc7279767917a7b419948ffbedb4468bde6d550e21aaf195ae532fdbe423f47a6eda34a7ead6849c57d6119d3a37ae339d5ae611145086f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe

Filesize
468KB

MD5
ae656c98e8dd077cf082ff943385cf1b

SHA1
9a3c607fedcc5f56e5483da8071d0ccc52036195

SHA256
422c70d6762d7f15549aca590b838faf4eeada336acb465343de7c686bf856ae

SHA512
8508a6a3ff28513ae9da4a1eedf0f06a0f89de1080a618b6d9b49f714fa3b1ceca3daa99b1c2e08c743b3c1780470bdcfce18013faf1c9cba0b037843f2efbd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe

Filesize
468KB

MD5
2f912fd3521207c0a9648035f11fc01f

SHA1
713c22ba3d1498df3e5bea91f8cab45cf3fab8aa

SHA256
47c1a70ca182af13649c2769d813e60d8b6a8ecee3d0e430ed5339f36c38c2c6

SHA512
381337a942b1547f78bc188aeeda716f2781682a857ac19291a6da89bba75780db6a283668dbf41670b40f732c978a8f7c8e3e611ccfb1230616f642151717a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe

Filesize
468KB

MD5
8327cd677e0ad1ddbfad58a11dd07bc7

SHA1
7daf01ef07bdba0714b099b064608db31bde9ff7

SHA256
d8c498980e4d1152d66e5f50c4045d76c3d1e25934bbfb267c0fc8b9bed654dc

SHA512
e79a2bf30f1e89f0f76634beaeb2091344b092eeccca99d2d57b8ed72992d7ecad6b876c0b5ea9a471a05596fd613c7b24a32b15b8df4f535a76ef0dc76f6f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe

Filesize
468KB

MD5
769661c4e66b312abf804e5a9308715b

SHA1
07e55ef248c0ac14605e2d916ecb2b8a0fb7b96f

SHA256
c38c6052b53ed23b685b07ad0bec7cae6dd418d4f0b5c9059fda434f915c1789

SHA512
28358d7757ff017d132f54d0c5d1927f73d652d19fb692ab3c84c9180990f78f3182a5b00ed185f3a9a9cd6c60d7dfbb92fba57b49e73e6be7cd63bf6872b23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe

Filesize
468KB

MD5
fea7bc6efb2fb4a1f777e7216f4fb26c

SHA1
1125a38a430a7becadc8dbe4b1fb708020d4028d

SHA256
3d068d9d789554ef4e166e7a3832afe4aeb9b133182453a991e4ea9286f292f7

SHA512
155af8130c3d3c8015d882cc7bf9d59b63360f5bc11b85cf41bc61b5aa5973e76dc768b4a1e14407f865824ae6f26465abd69a926e5092b320da36cbc0e4c412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe

Filesize
468KB

MD5
4f67facebf208284355825cf5527de48

SHA1
07a6926cd10641750df6717fd61db394a0eee181

SHA256
fcc807e302a2ffdbbd451dddf0d6c3a2c915ecb744bfd73b1850571336ce0a82

SHA512
5b79e9deeb10f216106601d4b8a8c9725379101d58e2752af5fa0784c6360e364a634726ae332e89584b01542a3796c840a6bb4d9a0edd293273f1f470224ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58758.exe

Filesize
468KB

MD5
6b6f2a9a6872ad379a87b25210bb4cd8

SHA1
2edf980c5e28f87f34d38e1e45bec41baf60d068

SHA256
818bbbfff6d42826175edaa554ec9bcdeda04e79fde10f826349621f35abc22c

SHA512
1271e2ccbb46f283de24d4a5fd706946bdf76b9c7034b5fccaa963dc0f9f28f62d4a02348e594b4d0953f55448e1a10943cb3f3ca744e1861f67e398abdd450c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe

Filesize
468KB

MD5
71184c6b67f73f36699f9618c3c58339

SHA1
4a6961f640272050d360a5d4d6d5dc8c49064d18

SHA256
57fb5822fd9e62136102eb8ed3bf34158f7fa0b55d7e05ff290c70863ded2f5b

SHA512
4e9fe0eedc766f4f7aa4fd83b989e1184974a28d507dd53fa6910994d91a181b8ca4f776e45b837dd564011c4f195dcdd3560552ee25c892fed0a4f59c172851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe

Filesize
468KB

MD5
db96318ca56de43e657d151b76c2e459

SHA1
e7e07603d518b5b2dafb227fabbe53f30236171f

SHA256
e8800251a7f5ba9ebb3761406f972574788e0474800df4733736d8055fdba0ea

SHA512
18ab1a0e0c10c1038cd2c05143bbe6443f292b92b6f09b8d5095a537e0526ac13f851b9b0e35ba82de0b75afb5e6e0799804d0b07e248840ec9bf74efd346320

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe

Filesize
468KB

MD5
0af0c3bddd4ec831671a02d1cac46f70

SHA1
c4252ab983d969c8fa16e80f0ed8b8e07095f238

SHA256
45b881295e072f9d9a6dc630d88e37d7082be09801c570719c21c3020bae851f

SHA512
9a25d1cd115c7754229a2b7162e13ec084975c556ebe0b267c209862de67a9bd3ffb7443fd10c228a588aa5381c28d0c9f28e9c33fa393744bceb4809ce17885

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe

Filesize
468KB

MD5
d738da05dd0206b4b659edaf92cabe97

SHA1
1be125054c2afe61ed6613dde97376a9c8e4d48b

SHA256
0e9871b4269cd276530c2be491c41c7f92b3abb3e436820ba3db81dc01f503a5

SHA512
77df6bf6826b90306e4d09ad0b47c266183ea712d48c4ab322972769b0ddf34b4ce449735003636f0baab638211ebf83cff6c00bb9e4887b8b95fb93e122d00d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe

Filesize
468KB

MD5
ea4b723c646027d387ea3c110cadd338

SHA1
1158f0d089829acf57ec5749b311ccaf0949b79a

SHA256
fac71be2b0085999b267d8525b8d1f32f2f33f212c1ab1ea18fc2bf7e8bc29eb

SHA512
e4937100c5f97442975411341217707139235cd265708252708859b08c3c17d0a22dc03bd1742d6b4fdd187f838e318f46886ea066021e62c20e5d8f233046b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe

Filesize
468KB

MD5
2b228c9e01c4522332f9dc972d580c43

SHA1
6cdac3b0ff1ef4b82e2917dc713a6915156e9699

SHA256
3276c4952d7989315132bcc393f9c01e0696ab200fc231f8b8e678c6024447fb

SHA512
b20d3500d47e4bd908ddf7aa6fa5760621cddba01ca53b3058856a2402360010bf546a70404d89ab08de08de17698fab18b1118012d9c27bd5d9617ec8164ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe

Filesize
468KB

MD5
43386fff3ee656b9072e203c04d5a398

SHA1
233acf1c09d2db6228d9dbe3ee4909fd74caeb52

SHA256
2f41b334a228e1ec34cc741e1ed07dfacc0a9e6fac3ddfcda045a4ea4aefe48b

SHA512
0b5de60b36507c5cd56833a6045ef685f0611fe173e27d15701ca5b8900a74d536e24dd85c206256ed9b919858db821d4962a02a07dad21f5b3eb9a0e7423380

Download Submit