024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881

Analysis

max time kernel
120s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe
Size

468KB
MD5

56175404698cba9d35011ff21a5a46e0
SHA1

8d34a81ac712de595f9c9940676d78a75224e83e
SHA256

024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881
SHA512

83469879bd03cd2dc08ee1c04475c569c10492237cdc3d18b6619a3cffc7b1d2eca6b8d61c2749cba632924c80ebf04273dfe790ec9a8dd495b8f69d74e5906a
SSDEEP

3072:9c0sogKEIV5jtbY94AcQJf8S4ChySppkJEHCxVWaxqtNzGrugVl+:9c/oLjjtS4dQJf3fOVxqPCrug

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2644	Unicorn-33556.exe
2232	Unicorn-28486.exe
1980	Unicorn-12704.exe
4460	Unicorn-40520.exe
4996	Unicorn-38474.exe
1332	Unicorn-47105.exe
3248	Unicorn-25144.exe
2236	Unicorn-48257.exe
1500	Unicorn-37396.exe
2820	Unicorn-18656.exe
3188	Unicorn-447.exe
1488	Unicorn-33211.exe
2460	Unicorn-1599.exe
2464	Unicorn-56171.exe
3744	Unicorn-12253.exe
5060	Unicorn-20422.exe
2224	Unicorn-53186.exe
4228	Unicorn-32409.exe
1928	Unicorn-37526.exe
2912	Unicorn-29912.exe
524	Unicorn-49778.exe
1412	Unicorn-40848.exe
4480	Unicorn-3270.exe
3636	Unicorn-38848.exe
3544	Unicorn-13597.exe
3076	Unicorn-46362.exe
2776	Unicorn-18812.exe
2232	Unicorn-61428.exe
4136	Unicorn-4059.exe
4132	Unicorn-27172.exe
2256	Unicorn-55206.exe
4596	Unicorn-27801.exe
2104	Unicorn-14173.exe
3820	Unicorn-26426.exe
1988	Unicorn-6560.exe
3536	Unicorn-65320.exe
4268	Unicorn-19580.exe
3724	Unicorn-39181.exe
3780	Unicorn-43530.exe
3356	Unicorn-49652.exe
916	Unicorn-59866.exe
2700	Unicorn-33224.exe
3728	Unicorn-62989.exe
3632	Unicorn-24955.exe
4632	Unicorn-5019.exe
1388	Unicorn-17272.exe
220	Unicorn-58204.exe
4408	Unicorn-15133.exe
1172	Unicorn-3436.exe
1548	Unicorn-58112.exe
4496	Unicorn-47806.exe
724	Unicorn-45760.exe
3700	Unicorn-478.exe
1004	Unicorn-42060.exe
1704	Unicorn-44490.exe
3264	Unicorn-10234.exe
4512	Unicorn-42928.exe
4500	Unicorn-20924.exe
5028	Unicorn-32430.exe
4440	Unicorn-32430.exe
4916	Unicorn-14723.exe
4604	Unicorn-49534.exe
2468	Unicorn-35144.exe
2796	Unicorn-45350.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
3916	2232	WerFault.exe	95
7000	5048	WerFault.exe	172
17916	15936	WerFault.exe	829
17996	15928	WerFault.exe	806
18120	15784	WerFault.exe	798
18288	15764	WerFault.exe	823
18408	16040	WerFault.exe	813
18352	15928	WerFault.exe	806
17692	16252	WerFault.exe	815
17852	16232	WerFault.exe	814
7596	15740	WerFault.exe	819
8096	16292	WerFault.exe	837

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19192.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe
2644	Unicorn-33556.exe
2232	Unicorn-28486.exe
1980	Unicorn-12704.exe
4460	Unicorn-40520.exe
4996	Unicorn-38474.exe
1332	Unicorn-47105.exe
3248	Unicorn-25144.exe
2236	Unicorn-48257.exe
2820	Unicorn-18656.exe
1500	Unicorn-37396.exe
3188	Unicorn-447.exe
1488	Unicorn-33211.exe
2464	Unicorn-56171.exe
3744	Unicorn-12253.exe
5060	Unicorn-20422.exe
4228	Unicorn-32409.exe
2224	Unicorn-53186.exe
2912	Unicorn-29912.exe
1928	Unicorn-37526.exe
524	Unicorn-49778.exe
1412	Unicorn-40848.exe
4480	Unicorn-3270.exe
2640	Unicorn-11651.exe
3636	Unicorn-38848.exe
3544	Unicorn-13597.exe
3076	Unicorn-46362.exe
2776	Unicorn-18812.exe
2232	Unicorn-61428.exe
4136	Unicorn-4059.exe
4132	Unicorn-27172.exe
4596	Unicorn-27801.exe
2256	Unicorn-55206.exe
2104	Unicorn-14173.exe
3820	Unicorn-26426.exe
1988	Unicorn-6560.exe
3536	Unicorn-65320.exe
3724	Unicorn-39181.exe
3780	Unicorn-43530.exe
4268	Unicorn-19580.exe
2700	Unicorn-33224.exe
3356	Unicorn-49652.exe
916	Unicorn-59866.exe
3728	Unicorn-62989.exe
3632	Unicorn-24955.exe
4632	Unicorn-5019.exe
1388	Unicorn-17272.exe
220	Unicorn-58204.exe
4408	Unicorn-15133.exe
1172	Unicorn-3436.exe
1700	Unicorn-32216.exe
1548	Unicorn-58112.exe
4496	Unicorn-47806.exe
724	Unicorn-45760.exe
3700	Unicorn-478.exe
1004	Unicorn-42060.exe
1704	Unicorn-44490.exe
3264	Unicorn-10234.exe
4512	Unicorn-42928.exe
4500	Unicorn-20924.exe
5028	Unicorn-32430.exe
4440	Unicorn-32430.exe
2468	Unicorn-35144.exe
4916	Unicorn-14723.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2644	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	90
PID 1904 wrote to memory of 2644	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	90
PID 1904 wrote to memory of 2644	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	90
PID 2644 wrote to memory of 2232	2644	Unicorn-33556.exe	95
PID 2644 wrote to memory of 2232	2644	Unicorn-33556.exe	95
PID 2644 wrote to memory of 2232	2644	Unicorn-33556.exe	95
PID 1904 wrote to memory of 1980	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	96
PID 1904 wrote to memory of 1980	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	96
PID 1904 wrote to memory of 1980	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	96
PID 1980 wrote to memory of 4460	1980	Unicorn-12704.exe	103
PID 1980 wrote to memory of 4460	1980	Unicorn-12704.exe	103
PID 1980 wrote to memory of 4460	1980	Unicorn-12704.exe	103
PID 1904 wrote to memory of 4996	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	104
PID 1904 wrote to memory of 4996	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	104
PID 1904 wrote to memory of 4996	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	104
PID 2644 wrote to memory of 1332	2644	Unicorn-33556.exe	107
PID 2644 wrote to memory of 1332	2644	Unicorn-33556.exe	107
PID 2644 wrote to memory of 1332	2644	Unicorn-33556.exe	107
PID 4460 wrote to memory of 3248	4460	Unicorn-40520.exe	110
PID 4460 wrote to memory of 3248	4460	Unicorn-40520.exe	110
PID 4460 wrote to memory of 3248	4460	Unicorn-40520.exe	110
PID 1980 wrote to memory of 2236	1980	Unicorn-12704.exe	111
PID 1980 wrote to memory of 2236	1980	Unicorn-12704.exe	111
PID 1980 wrote to memory of 2236	1980	Unicorn-12704.exe	111
PID 4996 wrote to memory of 1500	4996	Unicorn-38474.exe	112
PID 4996 wrote to memory of 1500	4996	Unicorn-38474.exe	112
PID 4996 wrote to memory of 1500	4996	Unicorn-38474.exe	112
PID 1904 wrote to memory of 2820	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	113
PID 1904 wrote to memory of 2820	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	113
PID 1904 wrote to memory of 2820	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	113
PID 1332 wrote to memory of 3188	1332	Unicorn-47105.exe	114
PID 1332 wrote to memory of 3188	1332	Unicorn-47105.exe	114
PID 1332 wrote to memory of 3188	1332	Unicorn-47105.exe	114
PID 2644 wrote to memory of 1488	2644	Unicorn-33556.exe	115
PID 2644 wrote to memory of 1488	2644	Unicorn-33556.exe	115
PID 2644 wrote to memory of 1488	2644	Unicorn-33556.exe	115
PID 3248 wrote to memory of 2460	3248	Unicorn-25144.exe	116
PID 3248 wrote to memory of 2460	3248	Unicorn-25144.exe	116
PID 3248 wrote to memory of 2460	3248	Unicorn-25144.exe	116
PID 4460 wrote to memory of 2464	4460	Unicorn-40520.exe	117
PID 4460 wrote to memory of 2464	4460	Unicorn-40520.exe	117
PID 4460 wrote to memory of 2464	4460	Unicorn-40520.exe	117
PID 2236 wrote to memory of 3744	2236	Unicorn-48257.exe	118
PID 2236 wrote to memory of 3744	2236	Unicorn-48257.exe	118
PID 2236 wrote to memory of 3744	2236	Unicorn-48257.exe	118
PID 1488 wrote to memory of 5060	1488	Unicorn-33211.exe	119
PID 1488 wrote to memory of 5060	1488	Unicorn-33211.exe	119
PID 1488 wrote to memory of 5060	1488	Unicorn-33211.exe	119
PID 2644 wrote to memory of 4228	2644	Unicorn-33556.exe	121
PID 2644 wrote to memory of 4228	2644	Unicorn-33556.exe	121
PID 2644 wrote to memory of 4228	2644	Unicorn-33556.exe	121
PID 1980 wrote to memory of 2224	1980	Unicorn-12704.exe	120
PID 1980 wrote to memory of 2224	1980	Unicorn-12704.exe	120
PID 1980 wrote to memory of 2224	1980	Unicorn-12704.exe	120
PID 2820 wrote to memory of 1928	2820	Unicorn-18656.exe	122
PID 2820 wrote to memory of 1928	2820	Unicorn-18656.exe	122
PID 2820 wrote to memory of 1928	2820	Unicorn-18656.exe	122
PID 1332 wrote to memory of 2912	1332	Unicorn-47105.exe	123
PID 1332 wrote to memory of 2912	1332	Unicorn-47105.exe	123
PID 1332 wrote to memory of 2912	1332	Unicorn-47105.exe	123
PID 1500 wrote to memory of 524	1500	Unicorn-37396.exe	124
PID 1500 wrote to memory of 524	1500	Unicorn-37396.exe	124
PID 1500 wrote to memory of 524	1500	Unicorn-37396.exe	124
PID 1904 wrote to memory of 1412	1904	024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe	125

C:\Users\Admin\AppData\Local\Temp\024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe
"C:\Users\Admin\AppData\Local\Temp\024d0647cf54ee3cc8461894ea85739216a6f1f2a083108904c1e8f3c4c48881N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33556.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2232
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 464
      4⤵
      Program crash
      PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56869.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39878.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        7⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        7⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        7⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3697.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        6⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        5⤵
        
        PID:15928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15928 -s 464
        6⤵
        Program crash
        
        PID:17996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15928 -s 452
        6⤵
        Program crash
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        5⤵
        
        PID:17944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        8⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34501.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13059.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        5⤵
        
        PID:14788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        7⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        6⤵
        
        PID:17812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31718.exe
      4⤵
      PID:16556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        8⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55210.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        7⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60019.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22354.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        6⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        6⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42060.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
      4⤵
      PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
      4⤵
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24244.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        6⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
      4⤵
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
      4⤵
      PID:16828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
    3⤵
    PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2692.exe
        5⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
      4⤵
      PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    3⤵
    PID:10084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
    3⤵
    PID:12596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
    3⤵
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
    3⤵
    PID:17040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        5⤵
        Executes dropped EXE
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        10⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        10⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        10⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
        10⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        9⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        9⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        9⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3190.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        8⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        8⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        8⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        7⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        7⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        7⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        8⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        7⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        6⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46667.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        7⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        6⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        9⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        9⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        9⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        8⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        7⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        7⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        8⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        8⤵
        
        PID:18132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        7⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        7⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        6⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        7⤵
        
        PID:15740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15740 -s 436
        8⤵
        Program crash
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        6⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        6⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        6⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        8⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        7⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        7⤵
        
        PID:15936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15936 -s 424
        8⤵
        Program crash
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        7⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        7⤵
        
        PID:15764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15764 -s 436
        8⤵
        Program crash
        
        PID:18288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        7⤵
        
        PID:18240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47680.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        5⤵
        
        PID:15784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15784 -s 464
        6⤵
        Program crash
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        5⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        5⤵
        
        PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        7⤵
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        5⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        6⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
        6⤵
        
        PID:16232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16232 -s 464
        7⤵
        Program crash
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        6⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50480.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21143.exe
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        5⤵
        
        PID:16396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
      4⤵
      PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
      4⤵
      PID:18100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14875.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        6⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        7⤵
        
        PID:16292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16292 -s 464
        8⤵
        Program crash
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49660.exe
        7⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        6⤵
        
        PID:16252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16252 -s 464
        7⤵
        Program crash
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        6⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
      4⤵
      Executes dropped EXE
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27642.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        5⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
      4⤵
      PID:17684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8399.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        6⤵
        
        PID:17832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
        6⤵
        
        PID:18064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        5⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        
        PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
      4⤵
      PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
      4⤵
      PID:14356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
      4⤵
      PID:17256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47330.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        5⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        5⤵
        
        PID:12376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
    3⤵
    PID:5048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 632
      4⤵
      Program crash
      PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17470.exe
    3⤵
    PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24115.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
    3⤵
    PID:11608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
    3⤵
    PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55842.exe
        8⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        8⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        7⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        7⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        6⤵
        
        PID:14312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        5⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        7⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
        5⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        6⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        6⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        5⤵
        
        PID:9844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        5⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        5⤵
        
        PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5302.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
      4⤵
      PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
      4⤵
      PID:17248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        7⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        6⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        5⤵
        
        PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
      4⤵
      PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
      4⤵
      PID:13368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      4⤵
      PID:16040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16040 -s 464
        5⤵
        Program crash
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
      4⤵
      PID:17660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58696.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        6⤵
        
        PID:16480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1550.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
      4⤵
      PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
      4⤵
      PID:11772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
      4⤵
      PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
      4⤵
      PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
    3⤵
    PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
    3⤵
    PID:12096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
    3⤵
    PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
    3⤵
    PID:16420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        8⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9100.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        6⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        5⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
      4⤵
      PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
      4⤵
      PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
      4⤵
      PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
    3⤵
    PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
      4⤵
      PID:12908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
    3⤵
    PID:10076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
    3⤵
    PID:14424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
    3⤵
    PID:17092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        6⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
      4⤵
      PID:9752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
      4⤵
      PID:14824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
      4⤵
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11079.exe
      4⤵
      PID:15796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37024.exe
      4⤵
      PID:18184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
    3⤵
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
    3⤵
    PID:8560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
    3⤵
    PID:13140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50377.exe
    3⤵
    PID:15384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
    3⤵
    PID:16724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1327.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        5⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
      4⤵
      PID:16456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
    3⤵
    PID:9672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
    3⤵
    PID:11344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
    3⤵
    PID:16492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
  2⤵
  PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
    3⤵
    PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
      4⤵
      PID:12740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
      4⤵
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
    3⤵
    PID:8492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-231.exe
    3⤵
    PID:11640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
    3⤵
    PID:14308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
    3⤵
    PID:16436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
  2⤵
  PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
    3⤵
    PID:12820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
    3⤵
    PID:6492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
  2⤵
  PID:9028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
  2⤵
  PID:11308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
  2⤵
  PID:14924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
  2⤵
  PID:17240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2232 -ip 2232
1⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5048 -ip 5048
1⤵
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 15992 -ip 15992
1⤵
PID:18024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 16040 -ip 16040
1⤵
PID:18296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 14668 -ip 14668
1⤵
PID:16900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 16016 -ip 16016
1⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 15868 -ip 15868
1⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 15896 -ip 15896
1⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15988 -ip 15988
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 15380 -ip 15380
1⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16284 -ip 16284
1⤵
PID:18256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe

Filesize
468KB

MD5
e08ecf9a83bcaf96dc7e02ecd257117d

SHA1
7c163d93f7e1e84b88807adec274fe85db7f9a25

SHA256
9c8a757ff0c3b1a56ff29f43e8cec34014efd4e966342b89bbfbbb99a3a6b40c

SHA512
d7c678762af56e9eb6fc5e1c69878682b125bd22bbb7cdebc4a944be2c630c63ada99c3bf5a5c0ad442e4de61b1085d61460face94930b5a141a6757f097d355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12253.exe

Filesize
468KB

MD5
b37239437398d220652746f35ef45e2d

SHA1
177a8d9636adb8120743bfeb72af852df708faba

SHA256
a16f4ddbfe0d59bf311e181f93705659731fa7616b96dce00535845f1f339c80

SHA512
0178dcf3491168f71061f437c082af6d11b229fafae9eca2fa5d0ce0cc2bd9860655eeea77bc0e1edb51811c9ef2b3136414fd4b4c1744131a21c635c5db3def

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12704.exe

Filesize
468KB

MD5
54a278b8d9bd1bba165240241f4ebaaf

SHA1
e56466195ffe00fdffa3985803b36580c6918ed9

SHA256
6ffbbf816aa5f2395b11d36192a163a666b443f1a35e1c16e97f1cfc3f132d07

SHA512
e1c92511de7cb9e568932b8615f0f8bbe2c16dcb96da127a081e7006f4db7d9ff04c17e1ddeeab6c6727d6f50282b606f041dc85be0256b04fdae9080335468f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe

Filesize
468KB

MD5
9264516c44bab49878b345e9302ba8de

SHA1
69095108f814266e8b2261865136049d3245f264

SHA256
1b7398c8bd9770cd6927095c4f4a175ddb8dfb012e6b9609310a0f8fcf6190b1

SHA512
fb7a4cee5afa2a458352e1af614301ad5d66170cad0b8e72965d9eabdab007da7a933626963d66b87c7d770184aec7f4d2cbf8aabd43fe0cb30b84482f80e919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe

Filesize
468KB

MD5
0470e9fd0a42cba0892410526621c0da

SHA1
7aebe039a965c1218dd34608f7ba40aece86fd7d

SHA256
11ed17a2359dab8cab632fb9406ef1ab07f0f4d3ec851002a3ddb02cc598f28d

SHA512
5f2862f1ffe04e729dd5af03db6659167a3ce3de3aa75094bca88dbba59513a3e87bf4b2747545af7379438d5860bec46355489acfb2327fa69b68fc7bf41d47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe

Filesize
468KB

MD5
0fe11027703c0d54f1cd93d6f48d44ef

SHA1
9a4cdeacc9896024db14b57fac9f8bcd647c37ce

SHA256
f1f079d6e95f7c8bc8ae2abb84126be0352e01411d89381f6cbc0fcd5ad1cf0f

SHA512
ff54d1a797e72860a06086e03ec9642299429ebc7d281446122dde1ad7a8146b62ba8ca262832a4bcd2e563237677d3ab641724a2e5d49d435620e0c892a7107

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe

Filesize
468KB

MD5
076332f9bb09259dd3f441d1444d5135

SHA1
124d599cd90c40b25e6a325409549cf6b9912ed3

SHA256
fbd093dfcd3f975e67827595ece4f99299bd94d8c371b465f2fcf0c504fa06f5

SHA512
6f47ae28e65c6c16e1514c81f2d2f0e6cfa1e2f84cf2fb69c18c8db9c94ee72b583e8c71f4bd35c18a67628dd78e1624f6bd7e97d52e1ba84d34abca2b4096a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe

Filesize
468KB

MD5
a13b4ebaef6a9c96122eb6445aa8922b

SHA1
20e8dacebb11045c8b70ece75fef51139dcc5e33

SHA256
ba1c10d4dc34d6fa0384810a8f133c47dc71568c11d12dd56ac56982ae1ec937

SHA512
2459c2a1ddab14547f9e346df8706c45a1459910f41168b7c801064bbfd6ea41a07b53f5e0f8158551ffe2413a3635d3f70003ed8cb0a3ede81729215be48d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe

Filesize
468KB

MD5
1fd91d0a32cc7f57f4666c9bbba244da

SHA1
dab9454692684453abd82aac6ec7e8846dc79e24

SHA256
7f874b7b9a890586fbd07d815e8331d2d9b7309b068100819546044f87e1186f

SHA512
02a69a6e5ac303153a24ff257a0a025d66bcee3a8cbf376ce2232405be1601876179c02b54a90081b479cd28bdc2ee24d0a9bd884d2c9802a66a7fd3fae590ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27172.exe

Filesize
468KB

MD5
f9d872e3079679748e80d03d48673aab

SHA1
5a1dd233eafa5143629a5855e95562986dca4c68

SHA256
0fed10ac7c9203df13d0a91c65977c020fbc34cf147a9cb56580ed389fe942ea

SHA512
c81e6dae9c221944e0ed4fcb17ecd5b7a02c9eb49e452165487ea10d79401101d79c604d32f1450ffe96bb374541f65d8b0bfd4c00cb271199fcbf8d7872341d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe

Filesize
468KB

MD5
b5d8420d0e364b79091e0941cbf7ede7

SHA1
91ae447d555119a65fd343c52c9cf5fad1328ce0

SHA256
b5a20df32dcd1fa7065845ea6645aa31213d0d1e613dab917ea0f52014a4c872

SHA512
57c9eda45909a5a1a811fe9868e6dc53395ad7403801adf41def517cf63ad95d6eaf739f438c01b5b4637b4e65180e44222470e496f44006985bd93da83b32a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe

Filesize
468KB

MD5
687f4302723b4dbe03e573eba5e63044

SHA1
0d5967ad3e0b684f5fb39a7349cdf4e865ca430a

SHA256
13a7fd7ac012d918308b5157eb22c231da54db2bc4ede0ea4d9ce9a328a885e6

SHA512
81bd2d14ac84efa34aa9ca7e408f33223e21f96bd09406a1d9daf3963d3baead629ad736da1e8deabafdf0625c538e96b75be156cce6db9b0d9d711b5112e756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe

Filesize
468KB

MD5
a482fb5359845b769811e05679ac3fdd

SHA1
34b1e47f03c571c5b312562c881ccdfed7bac243

SHA256
905af25aa16f58acf0fee12324fdacf83f0ec042c4c483e29bab3df0fa16f49f

SHA512
4fa3a636d36d4d8bad80c1ce4e66d007440b065a4e1d2bfdd0cc4f1ea1cf17c30f9feecfd30956b6285af3b8bcdae2316c8fe037e74e26642c6fc78fad066cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe

Filesize
468KB

MD5
8d30927b1b729598738b3c020a81ca18

SHA1
fc10fb825f1f05122824cf4dd71cac8013e752c4

SHA256
45cae2e36dce83df07a765586b6b8e6a82755929b6ec5663d93108cad4801879

SHA512
eb5d114362c4c72032c5e6755ef82c6b5e1d895f0cca41652f2b4b1920195b3023dde54ca3798b508ef3ca4190cb1357d7a55c882a9ebedff3bee9b3c19b1234

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe

Filesize
468KB

MD5
984282488d333cfef32fa2387a721d6e

SHA1
168858c0f963a26dd3242c26e60214e57c528c3d

SHA256
8487aed29634956e47466b2219de76cf53705f6d40549d943a28eaf3dbee7103

SHA512
55b0e4e2fc2b103c40975bf82068f0b804e2c1b474b1c577e8c9c9dd15dbdf2d2634587ca0b86eb461ee4f1af4809a54d589252940f048ba47089e8373e89e53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe

Filesize
468KB

MD5
0ea088fd8047fd7cefc2e67d71912482

SHA1
89acb5edde337cf3954a5b00daf5a41ce2f34fb8

SHA256
c531977f7f4cd8d315dae2360ec642d7e427ff31ec684045d35cf262e364ca8b

SHA512
27b766fa694e9cddd02b6179aea39f802fd2b4f8bd4996d6074c87f08a0c7067fec9772102cbcbffdb22c576b6243b0b6576844ee1c4ca78a5b2a15fbb19fb62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33556.exe

Filesize
468KB

MD5
c93425bcdd7307c75a57cfbf0741790d

SHA1
33ac0ccf39ab780c8c7387355511ead73e57553b

SHA256
af599fd9128736b2f3332bd42d58826ed7dfb6dcc82c95739ffb2af16388a558

SHA512
e85d82f7861c2bd095dc17147cd34b738f7283d543ff53177c05423400208f7dc2ac34f486f87c4fe339b2876677fc3e397146a27ca7cda8dd7b37a72e41b567

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe

Filesize
468KB

MD5
e9ea17b97ce668ab28db7a754f8fce93

SHA1
116b07aa1bc10d9d738c06e19e2279d14ab831e0

SHA256
1f68bd5fbf25b4214bf0d841f7e0eb2fb07872a3ace0d173ab4a41e8a5ba6f05

SHA512
c31e5829c3e827c440128a07700be9b11a310b5153300e1ad370aa38aa41b7e53861b5bdce3319ea0df579819b8526768e8e479a7cd270e6b3f52c5a0d382c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe

Filesize
468KB

MD5
62719503be99b9fb13c7fbc0e64853d0

SHA1
365d78c8cd70066781e2f6ef427c0a59a40a46e5

SHA256
8851119736857fb7f0fb50ff028e1be95a7baf36c48c49f1a43bc2cb48416ae6

SHA512
c46d743bdef599977e3884a7d9e6da16091ae3c0d2752c7410b3ec52ca1320192816ee0d6d3a751da446f410dea4ae4199bfb7e08fc0275ed6974a9d2ac93c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe

Filesize
468KB

MD5
d1b9ef52d619a615bf765320aef23c39

SHA1
84f6a87baf083f47cef9b3ebc1e5d73a68401bcf

SHA256
fe6841efc05a9f3ad0e166876cc586e40fcc48b883efee2f5971444fd453a793

SHA512
eff94412469c645b403bbe94518f8b1ab5d2079ca4002b84f6829ad2a5fc4216e5eb481b93b75501ce4b39e6985cfea9c00e5ff9008118290f741e39a97bbf21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe

Filesize
468KB

MD5
4f5ad170a0efed41052613b21e920d0a

SHA1
92620007811b12533e1a949f2925aa4cbd0d19c8

SHA256
0e067916cdf6c475b0d0ac4365d13202a837b39362d3c20da22e52147ad17267

SHA512
cb7b22dc7f313b7e4f2898161d920c78b345b309dd34cc12f47d4a16ec9aab3fd558ac34582bbc78f865087a05d1ba3af9189d0345f21cb0f1145e6b396854c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe

Filesize
468KB

MD5
fe2966fdfb818423e16eafe46ad3d907

SHA1
3f1f7108103123a13055d40ff1113c191efdc2d8

SHA256
9753b5f92cad3dbcb64a781fcbfac9d24ae7de95d56ea185626194f0a9edd1b8

SHA512
3e6d84eafa8155ce554c33833e982ddfbf7309c04f79546ed0bca0fa2810cc6edec0b29fd0606a9bb381fb0c672d759ceb455ef3f9e24ab26500911f932c39d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe

Filesize
468KB

MD5
d1ed66b36393d22bd839dea413d9e9f8

SHA1
76c94a2530a32100fe66a8b61318bad563a33718

SHA256
85c7181f4620011a6897e55a9c064d4dec89d93a18f74e417910c6b48fda185e

SHA512
47920a5b98a80106938c0e307e4e20141a98a99803af0501a8426199311013fc5f14fcc0c3efd16bfde0fd8c0155b5255b0d26924e3ae71abc2c19684d62aa7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe

Filesize
468KB

MD5
fec977dfc19f0b4e3d0f00a106da5280

SHA1
bb39d73bb15fdd6dd4e0c756f1206e21bd572ff6

SHA256
d5d592c87085479bf12c2c8c1fb60ec5b88dc6f6ebaba3a8135850c532d621f6

SHA512
b63287d612d33117546afcf9355847b9c9cbed859d54986b978a692b9185bd0eede4b9646bf2000ce179601e0491d5f7dbb75925c8463fedb5d07609af46c5e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe

Filesize
468KB

MD5
06bedd50f9242b390945bae3d5c89260

SHA1
2724919c27edfeb33d40c0390713d307d9e28f8a

SHA256
1b2eace43b7d466d059c336091fd2ab272b3dbd95aeadf1772bb4c42ca7e09f5

SHA512
c566e334c528ae1c76483a4862125ec384560605f4f4c4ac022d7c49bcf8b60e528c494bb43001adb8ea3cc87ce6934ff084d008a08ee0328320cf5684313fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe

Filesize
468KB

MD5
2b7624018ecf6ecf70ccf40f89ec53d0

SHA1
9988640bccda67a331ced6a4ce0136dfeec668ef

SHA256
8ef1947b11578ede4c4c126844f596a652b834c92b8caf40113da983d53db75c

SHA512
7091cfef58641b7de0362d71ad9b458b42ca17a68985f94cf2845fe12318e77d5429b4535c02da5cc01ba7a94525867de10430de1a0d3ab0fc61466481393b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe

Filesize
468KB

MD5
fffadaa427d47c6a5ef8797055120154

SHA1
042492fbc97a8fc84360cc8c3da3e2043dffd08b

SHA256
67727bbf5ece4921505fc70cc9215665576c6ba3bbac23c16bdfc890387208e8

SHA512
e52897818aee6d7c07a4aad288c361172ba540fc5e1bba0de1773ee3ecdb39163e592f592d0c826b3de66e485fbc28af058634cadb69b033c37a6f24d0e8f783

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe

Filesize
468KB

MD5
bd52a7a139d386b0a5e2c90f45efcc59

SHA1
b24d42e2c59172424c764faa9eaed20c6ea8cc1b

SHA256
41af3ddd8a7597967fed0f8e625b808ac29ca40f5d3396663fa3bb193162ab7b

SHA512
b463cedaf0475ad35730948bf5cc2e337b884240d26b39ccf7d8f6bb7edb0097a11116aa3963e1f2bcead5b78e4ecbeeae0dc75641cdc7ee039fb85caa25297f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe

Filesize
468KB

MD5
5c1fa8f4faf2cb805137816301fa31b3

SHA1
163dc3cadc2b62e8b2f47c3d5c13dcd7c83d83b4

SHA256
0ac624a6bd49aa9efe3211adba422d948f545493ea7ae9befe204bf7d000c1cf

SHA512
497b9988a04fec57db2d619676c8acdc9bb9f76425648bb1d486e50e03592e67f35a068b0e4e8f3f88976a2fe3c1dfe23b01596edb354f63dc79b71b28400518

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49778.exe

Filesize
468KB

MD5
973f60049d69e69aa3b819691d76cd6d

SHA1
7045131441c4cc9bed148c1c2a5f27d0adb88ab0

SHA256
f3697eb1bf672133aadbeb727a838e9a69e5d760f1c80cbff6e1d88fd9e0530c

SHA512
b3a814d87802330ee3967dbdbc8e1affa6db9440636f940aa85a0b915f6b4b54c0d3677f217d2dc1ad0a7571a777d4960ab51fe9550f9b0a5a4dac02d45e10ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe

Filesize
468KB

MD5
ba6f902b1bb30f711b2fbaae1124c88c

SHA1
d4745d3278b2147d0b87d75dd39c8fdc6c90dadf

SHA256
90db0a1d764a6b5244ce05991763f293ac77c03f7d97ae89c41da05322a814df

SHA512
1201f8129e8b93c9bcafc6a34f95784699b62bd5ddd3071652a186b9cac9e4a7627f152e21e16c4d22b6b95e55e50f73fec6ca02c4c4a522d9932145d407db1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe

Filesize
468KB

MD5
23e248de52a372b00f224fceacaad7c7

SHA1
de4cad83d1366fd87452cbea0803fbe78fc0eaa3

SHA256
71491b01da0924b85d038b1548ce7e01de41e6a83a7a3fc3746bfa0bbe8a24c7

SHA512
601abb660a8aeb3304952855adbe934f9dd4a11e6bbea5e155e1b151e2ea97019ace7bc52d2e5a547d0c320ecf2e070dde82157f9d5acad87e0157d5e42e2660

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe

Filesize
468KB

MD5
90efb2dbe33662812e53d75536f3b40c

SHA1
39780d898bea73bb10a2e1d3aa0c51ff14623440

SHA256
071ace5aba691396a467f132665ec1dc036113238b281ab169b37082c0a5d662

SHA512
798f0f1be8b4c73574b3b2d463fe60a1ad48cac1d8aa23f17266a8361fc7322dd851a7118dd331844577e1a00e78dcb94a9d922490cac796a1198c98f9873838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe

Filesize
468KB

MD5
a92b2b9a94e7eb45c58b056dfaf3503c

SHA1
3d510e92351a23c0b545bf37c8f77006b06ce8bb

SHA256
a1fc3f0eb3918ba1a9eac003ac3336e8ac3c606119fd221a8890e7dd97a9cb41

SHA512
c91836ae515efe8ae6fec979862c04ae2ae9fed8e101ff443e43ab50d39e2e6be7003990486b2758f85b21a4c4d6a4e11d0f176e960ae93854cf0c0b9fd751b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe

Filesize
468KB

MD5
e43fb0bd67dbe40dcd980ed0edfede5f

SHA1
29e27e1477c42b7be5e38f30f43d0e7d9a716355

SHA256
23e4739e1546932e1e037048739c0eb46b3f4159abef7dd0d1a3027fc559d47f

SHA512
779c6395046751ffdf6726d9a954f6713652042bbda857e0dddac32e90d735ccf19ca4f75785aa6a240079ceb86f5e65baa9365664e2bde9b565b1b84928be8d

Download Submit