9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed

Analysis

max time kernel
119s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe
Size

468KB
MD5

457a85d6a54c1cebad9a318e3240c5e9
SHA1

98e0aea5b75b519ec20e6e607586fe1ae77a4621
SHA256

9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed
SHA512

91d429f22670c252b3f1fe6a75263b5b58e977734e0e9c1bd8637b20e9f9f9238ace256cd4caf536eae3cb4e139764058b6837ffefe8e544c2091f0474eeff4c
SSDEEP

3072:8U0KodIKx85aDbYJH5cOcqF/XCo4O0pQnLHeomZKSPN+4XPs6WlZH:8U5opUaDOHSOcq5YRESPUuPs6a

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4016	Unicorn-58638.exe
3532	Unicorn-59754.exe
916	Unicorn-60309.exe
4220	Unicorn-26672.exe
1596	Unicorn-61482.exe
396	Unicorn-584.exe
1576	Unicorn-14319.exe
4852	Unicorn-61072.exe
2584	Unicorn-174.exe
2924	Unicorn-1565.exe
3032	Unicorn-48628.exe
2448	Unicorn-48363.exe
1444	Unicorn-42498.exe
380	Unicorn-28762.exe
2040	Unicorn-29914.exe
1012	Unicorn-63978.exe
5000	Unicorn-22946.exe
1624	Unicorn-60562.exe
5104	Unicorn-38658.exe
4676	Unicorn-35774.exe
2668	Unicorn-21384.exe
2384	Unicorn-13770.exe
2920	Unicorn-56194.exe
4972	Unicorn-37812.exe
3940	Unicorn-24705.exe
3996	Unicorn-24076.exe
2632	Unicorn-21118.exe
4496	Unicorn-32458.exe
4848	Unicorn-16021.exe
4616	Unicorn-55919.exe
632	Unicorn-25214.exe
4916	Unicorn-41550.exe
3148	Unicorn-41550.exe
1256	Unicorn-57886.exe
4420	Unicorn-7294.exe
3376	Unicorn-61513.exe
3480	Unicorn-33089.exe
4368	Unicorn-36458.exe
4268	Unicorn-11299.exe
2880	Unicorn-4409.exe
2472	Unicorn-11207.exe
408	Unicorn-62354.exe
2896	Unicorn-62089.exe
2960	Unicorn-25406.exe
4408	Unicorn-62354.exe
4344	Unicorn-19275.exe
960	Unicorn-37658.exe
4880	Unicorn-37658.exe
400	Unicorn-12192.exe
2832	Unicorn-34128.exe
3640	Unicorn-23268.exe
3508	Unicorn-21135.exe
3904	Unicorn-52624.exe
2044	Unicorn-54549.exe
3472	Unicorn-50465.exe
2404	Unicorn-58389.exe
4456	Unicorn-62738.exe
4236	Unicorn-65431.exe
3544	Unicorn-5269.exe
4356	Unicorn-29773.exe
1516	Unicorn-13345.exe
4024	Unicorn-7699.exe
2400	Unicorn-13729.exe
4412	Unicorn-53392.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
13148	11480	WerFault.exe	560
13200	11916	WerFault.exe	534
17348	5980	WerFault.exe	859
7144	6668	WerFault.exe	966

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64385.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe
4016	Unicorn-58638.exe
3532	Unicorn-59754.exe
916	Unicorn-60309.exe
4220	Unicorn-26672.exe
396	Unicorn-584.exe
1576	Unicorn-14319.exe
1596	Unicorn-61482.exe
4852	Unicorn-61072.exe
2584	Unicorn-174.exe
2924	Unicorn-1565.exe
1444	Unicorn-42498.exe
3032	Unicorn-48628.exe
380	Unicorn-28762.exe
2448	Unicorn-48363.exe
2040	Unicorn-29914.exe
1012	Unicorn-63978.exe
5000	Unicorn-22946.exe
1624	Unicorn-60562.exe
5104	Unicorn-38658.exe
2384	Unicorn-13770.exe
2668	Unicorn-21384.exe
2920	Unicorn-56194.exe
4676	Unicorn-35774.exe
4972	Unicorn-37812.exe
3996	Unicorn-24076.exe
3940	Unicorn-24705.exe
2632	Unicorn-21118.exe
4848	Unicorn-16021.exe
4496	Unicorn-32458.exe
4616	Unicorn-55919.exe
632	Unicorn-25214.exe
4916	Unicorn-41550.exe
3148	Unicorn-41550.exe
1256	Unicorn-57886.exe
4420	Unicorn-7294.exe
3376	Unicorn-61513.exe
3480	Unicorn-33089.exe
4368	Unicorn-36458.exe
4268	Unicorn-11299.exe
2472	Unicorn-11207.exe
2880	Unicorn-4409.exe
408	Unicorn-62354.exe
2896	Unicorn-62089.exe
4344	Unicorn-19275.exe
2960	Unicorn-25406.exe
4408	Unicorn-62354.exe
960	Unicorn-37658.exe
3508	Unicorn-21135.exe
400	Unicorn-12192.exe
2832	Unicorn-34128.exe
4880	Unicorn-37658.exe
2044	Unicorn-54549.exe
3472	Unicorn-50465.exe
2404	Unicorn-58389.exe
3640	Unicorn-23268.exe
3904	Unicorn-52624.exe
4236	Unicorn-65431.exe
4456	Unicorn-62738.exe
4356	Unicorn-29773.exe
1516	Unicorn-13345.exe
3544	Unicorn-5269.exe
4024	Unicorn-7699.exe
2464	Unicorn-61539.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 4016	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	90
PID 812 wrote to memory of 4016	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	90
PID 812 wrote to memory of 4016	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	90
PID 4016 wrote to memory of 3532	4016	Unicorn-58638.exe	95
PID 4016 wrote to memory of 3532	4016	Unicorn-58638.exe	95
PID 4016 wrote to memory of 3532	4016	Unicorn-58638.exe	95
PID 812 wrote to memory of 916	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	96
PID 812 wrote to memory of 916	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	96
PID 812 wrote to memory of 916	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	96
PID 916 wrote to memory of 4220	916	Unicorn-60309.exe	102
PID 916 wrote to memory of 4220	916	Unicorn-60309.exe	102
PID 916 wrote to memory of 4220	916	Unicorn-60309.exe	102
PID 4016 wrote to memory of 396	4016	Unicorn-58638.exe	104
PID 4016 wrote to memory of 396	4016	Unicorn-58638.exe	104
PID 4016 wrote to memory of 396	4016	Unicorn-58638.exe	104
PID 812 wrote to memory of 1576	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	105
PID 812 wrote to memory of 1576	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	105
PID 812 wrote to memory of 1576	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	105
PID 3532 wrote to memory of 1596	3532	Unicorn-59754.exe	103
PID 3532 wrote to memory of 1596	3532	Unicorn-59754.exe	103
PID 3532 wrote to memory of 1596	3532	Unicorn-59754.exe	103
PID 4220 wrote to memory of 4852	4220	Unicorn-26672.exe	106
PID 4220 wrote to memory of 4852	4220	Unicorn-26672.exe	106
PID 4220 wrote to memory of 4852	4220	Unicorn-26672.exe	106
PID 916 wrote to memory of 2584	916	Unicorn-60309.exe	107
PID 916 wrote to memory of 2584	916	Unicorn-60309.exe	107
PID 916 wrote to memory of 2584	916	Unicorn-60309.exe	107
PID 1576 wrote to memory of 2924	1576	Unicorn-14319.exe	108
PID 1576 wrote to memory of 2924	1576	Unicorn-14319.exe	108
PID 1576 wrote to memory of 2924	1576	Unicorn-14319.exe	108
PID 396 wrote to memory of 3032	396	Unicorn-584.exe	109
PID 396 wrote to memory of 3032	396	Unicorn-584.exe	109
PID 396 wrote to memory of 3032	396	Unicorn-584.exe	109
PID 812 wrote to memory of 2448	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	110
PID 812 wrote to memory of 2448	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	110
PID 812 wrote to memory of 2448	812	9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe	110
PID 4016 wrote to memory of 1444	4016	Unicorn-58638.exe	112
PID 4016 wrote to memory of 1444	4016	Unicorn-58638.exe	112
PID 4016 wrote to memory of 1444	4016	Unicorn-58638.exe	112
PID 3532 wrote to memory of 380	3532	Unicorn-59754.exe	111
PID 3532 wrote to memory of 380	3532	Unicorn-59754.exe	111
PID 3532 wrote to memory of 380	3532	Unicorn-59754.exe	111
PID 1596 wrote to memory of 2040	1596	Unicorn-61482.exe	113
PID 1596 wrote to memory of 2040	1596	Unicorn-61482.exe	113
PID 1596 wrote to memory of 2040	1596	Unicorn-61482.exe	113
PID 2584 wrote to memory of 1012	2584	Unicorn-174.exe	114
PID 2584 wrote to memory of 1012	2584	Unicorn-174.exe	114
PID 2584 wrote to memory of 1012	2584	Unicorn-174.exe	114
PID 4852 wrote to memory of 5000	4852	Unicorn-61072.exe	115
PID 4852 wrote to memory of 5000	4852	Unicorn-61072.exe	115
PID 4852 wrote to memory of 5000	4852	Unicorn-61072.exe	115
PID 916 wrote to memory of 1624	916	Unicorn-60309.exe	116
PID 916 wrote to memory of 1624	916	Unicorn-60309.exe	116
PID 916 wrote to memory of 1624	916	Unicorn-60309.exe	116
PID 4220 wrote to memory of 5104	4220	Unicorn-26672.exe	117
PID 4220 wrote to memory of 5104	4220	Unicorn-26672.exe	117
PID 4220 wrote to memory of 5104	4220	Unicorn-26672.exe	117
PID 1444 wrote to memory of 4676	1444	Unicorn-42498.exe	118
PID 1444 wrote to memory of 4676	1444	Unicorn-42498.exe	118
PID 1444 wrote to memory of 4676	1444	Unicorn-42498.exe	118
PID 3032 wrote to memory of 2920	3032	Unicorn-48628.exe	121
PID 3032 wrote to memory of 2920	3032	Unicorn-48628.exe	121
PID 3032 wrote to memory of 2920	3032	Unicorn-48628.exe	121
PID 396 wrote to memory of 2384	396	Unicorn-584.exe	125

C:\Users\Admin\AppData\Local\Temp\9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe
"C:\Users\Admin\AppData\Local\Temp\9d74242dc2a72a8b825d82b017f1263a692781a48b9c2fc0da2bf947f67447ed.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62738.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        9⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        9⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        7⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
        8⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        7⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        6⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        6⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        9⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        8⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        7⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        6⤵
        
        PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38400.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        7⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        6⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        6⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        6⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        6⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47506.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        8⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17924.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        7⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
        7⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52356.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29658.exe
        7⤵
        
        PID:15904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27322.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        6⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        7⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        6⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59680.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49835.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        8⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27296.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        7⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        6⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4605.exe
        6⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31771.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        6⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        7⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        7⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
      4⤵
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
      4⤵
      PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42430.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24460.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
      4⤵
      PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
      4⤵
      PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        8⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
        7⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 224
        8⤵
        Program crash
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        7⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16455.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        6⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        6⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        7⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16801.exe
        7⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
        6⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        6⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51992.exe
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30014.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        8⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        7⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        7⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        7⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        6⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9754.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23279.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
        6⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38482.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        6⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        5⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
      4⤵
      PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      4⤵
      PID:8408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        8⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        7⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
        6⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        6⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62603.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        5⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        5⤵
        
        PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        7⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        6⤵
        
        PID:14888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        5⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        5⤵
        
        PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50004.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9535.exe
        6⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 80
        7⤵
        Program crash
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19658.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
      4⤵
      PID:8896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
      4⤵
      PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
      4⤵
      PID:14696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
      4⤵
      PID:6768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
    3⤵
    PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
    3⤵
    PID:7768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
    3⤵
    PID:9760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:12764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18458.exe
    3⤵
    PID:15932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
    3⤵
    PID:16184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        7⤵
        Executes dropped EXE
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        9⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        9⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        9⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        8⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        8⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        7⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        7⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56910.exe
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        8⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        8⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1507.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        7⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23550.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46710.exe
        7⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        8⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        7⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        7⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52735.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        6⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        6⤵
        Executes dropped EXE
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
        9⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        9⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        8⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        7⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        7⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        6⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        7⤵
        
        PID:16556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        6⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57839.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        6⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        6⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13209.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        5⤵
        
        PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
      4⤵
      PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
      4⤵
      PID:15748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34397.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
        7⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64456.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        7⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        7⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        6⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37086.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44137.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        7⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        5⤵
        
        PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
        7⤵
        
        PID:13244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        5⤵
        
        PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
      4⤵
      PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16473.exe
        5⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
      4⤵
      PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
      4⤵
      PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        7⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        7⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        6⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        7⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40098.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30837.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        6⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        6⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33719.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63226.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        5⤵
        
        PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
      4⤵
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        5⤵
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        6⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11480 -s 464
        7⤵
        Program crash
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        6⤵
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60247.exe
        5⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        5⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
      4⤵
      PID:8032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
      4⤵
      PID:16448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        6⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
      4⤵
      PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
    3⤵
    PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    3⤵
    PID:13288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15820.exe
    3⤵
    PID:15756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        7⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        7⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        6⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        6⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        6⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        7⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49259.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12452.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
      4⤵
      PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19593.exe
      4⤵
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        6⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        6⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
        6⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        5⤵
        
        PID:10572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      4⤵
      PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        5⤵
        
        PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
      4⤵
      PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14800.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
      4⤵
      PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
      4⤵
      PID:17332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
      4⤵
      PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
    3⤵
    PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
    3⤵
    PID:13036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
    3⤵
    PID:15920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        5⤵
        
        PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
      4⤵
      PID:12840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
    3⤵
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
      4⤵
      PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
      4⤵
      PID:16536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
    3⤵
    PID:6404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
    3⤵
    PID:10308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
    3⤵
    PID:13640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
    3⤵
    PID:17100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20584.exe
    3⤵
    PID:16852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
    3⤵
    PID:8280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40920.exe
        5⤵
        
        PID:11916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11916 -s 468
        6⤵
        Program crash
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24569.exe
      4⤵
      PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
      4⤵
      PID:11980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
      4⤵
      PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
      4⤵
      PID:8232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
    3⤵
    PID:9976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
    3⤵
    PID:12992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
    3⤵
    PID:15372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
    3⤵
    PID:16896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
      4⤵
      PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
      4⤵
      PID:15092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10914.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
      4⤵
      PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
      4⤵
      PID:7604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
    3⤵
    PID:9692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
    3⤵
    PID:12812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43910.exe
    3⤵
    PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
    3⤵
    PID:16968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
  2⤵
  PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
    3⤵
    PID:13760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
    3⤵
    PID:16548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
  2⤵
  PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
    3⤵
    PID:13664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
    3⤵
    PID:17288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
    3⤵
    PID:3312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
  2⤵
  PID:9432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
  2⤵
  PID:12788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
  2⤵
  PID:15484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 11916 -ip 11916
1⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 11480 -ip 11480
1⤵
PID:3696

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:17356

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:6084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe

Filesize
468KB

MD5
8f860339ef5afcfe67c73c8157610cc9

SHA1
5f5d7fa10d3f8a3b6230d529c3040958dac20e83

SHA256
4ca60f64a78af89bbb25fcfdb809c7e2619040870aec0019061513bb9cfe53d0

SHA512
caf22e730491a681e22a487d2de4d76ec04b83ea34abe7ed9d84c4817f8aa2a88f1a3d6b4bfae71eb9ccb847316b936b0960a053c6e96465de2de7770afabdfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe

Filesize
468KB

MD5
a7f8a1a0060cbbb95d250d547c2aa5bc

SHA1
4b5e952dd18ce2660913253367995dbacb3ad305

SHA256
92c5f57cf5e8aa51296b4d6490b467640cc12be7f10d764229b0335d27f79917

SHA512
f12f29e304b5e8bf0133761227051a95b34e0984b492754b173cc320ef3e8c3a7d5e0009db406acd0f7628798472f1a0cd5fdae788cdb33be1740265a93cfe22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe

Filesize
468KB

MD5
ce9846faf7f48db2a4838b9ccc1c1040

SHA1
c900e0014b156105479ca53b2b23020f2a5c5ff8

SHA256
cc59f3595deceafa4ded60f1b3fde826a64b67fec2c458a6fbb3509ec439e40c

SHA512
4fc6c417cfe9a8ab480cab978da725edd1d9c94b81243a2361ac7b1a628f722d5c34043917cd2408f76b1c77579a6235741e6df2b2beaca1c5d417165259d1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe

Filesize
468KB

MD5
e1f73aaf07b4774abe668eeacd1e509b

SHA1
a131a1284a6e905654c197f16391b04163a05d45

SHA256
1e35ff8e616911024997ee93438eb0b25d028f7a61c73364a8dd192de892b921

SHA512
611176b205d662b3753062ac04c02da469a75eec060dd32fc96680a6e6b632c86d092ca8a1d09113f0410a6fd9452efe390aa99acfddf5fc7fdeef9f8fed6c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe

Filesize
468KB

MD5
fdf87d0a84fd830e975657665b07df6b

SHA1
8cbaa09fde355e837eb89eabff9721f658e662d7

SHA256
410822a8321f38bfad81f7c1c71e1d32f11c832fe50b1ef9c92a71791eaa2960

SHA512
0e45f184028b6291305e04f755b02f81979762206c431b2aeb3918f5a9c5f3e2a417d587b3e999b6c551fec6b351ed04d2deb16f008cfd991a019d9a9d71288c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe

Filesize
468KB

MD5
787c375ad259c7ee03fd5ac3255e78b8

SHA1
74293c57b8245730c952d55f20485ac86c9c2be6

SHA256
4cbdbb3d457946b33d230d0079210ba4bf0aa428ea18f42909fd00da44f6c81f

SHA512
65f77d186605cce28c1f9faeca8f2e53413420cd6a1f4e117e4b1a1eb5826b2d3beb712d74dc93d8fe5fc69ef5e631d3277ca87ff03650bf9b44e23192391842

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe

Filesize
468KB

MD5
f4f2834a69e8125d1bc9dce48dd57fb1

SHA1
c8837772b3c97f4b24352ba05159dec2df7de3a5

SHA256
f56e09a1af29199f1d8f8724fa27621469ebd94417e8d86abe4a9972fb40c1d6

SHA512
38a57b2c39e448e38c54185ad90b35ff3c31d8c4972b468739ab30a5a95232ab304ee4e97ed441e04b3b52733be9535c70fafa016466fe9e781de4cba38d0e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe

Filesize
468KB

MD5
92d8985397fdc5d573292039456caa01

SHA1
8609e97ecc09a5110a3f0479b5dba947a683c095

SHA256
54b1da4c31e39c95beb168f615f13fc8a91a8510b8a52a4beedd3da220448e72

SHA512
8b041595365a0fc2e150df89e12f0ddfa17edf50a2aaf8005aa03a8b09fd9fea91e22a38c381bda8090e0a2b5c8c55c16ab040342f1669c4cc2b3f21922ebcf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24076.exe

Filesize
468KB

MD5
0882fde2e9037701dff6c6e3063981cc

SHA1
ec059c48e00c0f9aaa9e2cc79c2fe368d9c3ae94

SHA256
5b166455b4bcad603066aab690fd6afc9dd3657ee8018c5b4ef11af55190c5f8

SHA512
6b6730024b36c241293378c2f3bf76c4ca5c88160b0f69f57561ea833f955256fdf04122faa83b7aa0b3c28ca4fbfb953bb009110fa8608854305fc0f2bae75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe

Filesize
468KB

MD5
3e82ab05bc3321c6468af08a0d0a7232

SHA1
22712800f1ccfb33cef42d67924cb4d8d3d8e73a

SHA256
d14d9a307423bb0f625b5dd7436cf503f1dabe30b70ddd694254081f37bfc332

SHA512
fe4cc1c290c37c05778bd3296b844fc1a5e79fccd53c2da71c4a0315b48dea69019c26621704afb8a36b2ee67491b40fd5506d05ce261b89a9bde4b047b33d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe

Filesize
468KB

MD5
0664958dc2a807eeb4280e1ae19b79d6

SHA1
218870c2e6606ce55313b5308c6f34c469899b5d

SHA256
85c3c964ea57cf21e046c86dbf0c0c2ec469153471e5d842146a9d95a49000a0

SHA512
da50558c7082857a8dcfac403f6e350908f6dbb94752e58669b63932164d3e6e70be5a302c70edae96d3e4843139febb8f0a9375876c74556a0df7bb1bbac15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe

Filesize
468KB

MD5
cbd664388a557a154b9021da95b4e566

SHA1
5c5a745acc90864faa85141b9b4139c25220db96

SHA256
bdb8dc0f5f1c508ef156b6b79649810fcd3da8cabd8908f957b43f97c516cb9d

SHA512
869e77f6856b11c2a543af49d8761d25c48ebca81cdaa60905cc3885823ec911d960e9ccd7e006c95d51e818a416b524317efa7c8fca444afbd46a7a6679fd00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe

Filesize
468KB

MD5
103e3bdaa1b8ff2d3cf19ef4113463d0

SHA1
749a8526f15f304f979b7257b374551a1012d6d9

SHA256
e3e270276e8f89f8dfdd02c3575138d052e9c71385e5f9ac73164307864b6eac

SHA512
754251aeb0a66d2c57ab705f5d705ade0d6d0785715a80889ef3d818a849b33585450a1267f6ee8749c1cb567e274f10bf6317bc083a338355591e299158159a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe

Filesize
468KB

MD5
792f1769e528a8f4ee85303fa7ccd3e4

SHA1
35bf86b3c0f1ba4ad0517b48ec16ce6d82904464

SHA256
77793285408991aba22f0a1ae3dadc05896932ba64665bcfb1d8433fe7227849

SHA512
68324b875bd060b2de2a42ad34ec94bde19067cda7118a2cbb8aa1368514b661934f579510b05bf1c46ea55eb8edb81c96da6486ddc8f34aea8b079b8d5301ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe

Filesize
468KB

MD5
a9927136ec8dca8ec5d7dbfe26b8583a

SHA1
b221486d6b85c37576a6b686d9a9e8fba7e82fc5

SHA256
c5abccbcaf11c5f74fa45b7f714cd1b4aaa63be9c1fe7fc9645fead35f929158

SHA512
fb732f157db945856666eab36c23b01e8a4a0107edd984ada77600de35577bea5d869cddd52ac3f6cf892991bf4f096cec516abf5056074b8641a4977fdf39f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe

Filesize
468KB

MD5
f2c2fa640bfe4acc7d92ea60406353fb

SHA1
b6d3d16c01e27b4e8d59a5a2058320cc7b05a5da

SHA256
cdc5bda19f2bb4481beb9376fc45cb3ce8a97846438867faabcd18a0fe0c35a0

SHA512
493b8ec5177793dd32a86adf6cfd7c14ba6a098a504bc3abdcc4015da9ee0912b0cb69d10737a5ea3befa059379ee2a9e94b393a1705ce545eeb3180bc24d140

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe

Filesize
468KB

MD5
15fcd9132384ed220a3fe80613d2a32f

SHA1
8ed0f505ce39dfad50bf6d9fa5386d80e5ddec0b

SHA256
62fd476c0156364110c7734a6bafb5f1040c82e7843eedd32d3cb5d643f349e0

SHA512
b9b42260c5c12568aaaf013faa615fb5e8d83a5d615eca11d75ba5e0dd02f00eb6da87284acc551dfa358249e986c48d28a4158e3b5d154eb084c1e5da0c1f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe

Filesize
468KB

MD5
b0f8ffe484780925e433578b3703c99d

SHA1
8651984f464ac9e784c83a7169c860146093de49

SHA256
86c6a00b1b8fe76a8cdd15e72fe46e7781fbaeda15ee45fa837b23f9736ccbcc

SHA512
2f4919a14fa548742175e841647d43a7e0b95d282a4f875f4bed91231c2b0e1ee10ce3a6c338f0e33b5e78fadd348df88c9ae394654ae144df364740390a0820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe

Filesize
468KB

MD5
9f06d98237ee3c602fdbb76ff9decba8

SHA1
13ef59f3ebfec1a041b898de273b683eb5eb22dd

SHA256
0f9ad8e8082df1b1c2eb75706faa82071903f438500fb67ce54b05d55b8667f6

SHA512
f3be51094492b6a6d35c1bdfc041d9c10765fcbfce57cf364fd3011b2362764975438bdde9fb09a6aac90edba64ff96311ea5aa607a370e7e740826bf05c382d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe

Filesize
468KB

MD5
f8e27e2142fb8d24a97577d194b64b46

SHA1
274ff30d53be4fa1b5a330e6e4fe19f5a4f78d5d

SHA256
ec45533b860f2e3d270aaca843828381baf0b28b7bcb0a027a7f565b8aa00810

SHA512
1d8f062c8c0db07d866fabd9285103db08a34e576b502a41f3be013470031759ac661a3a8a6497c9462979270410864a4d5def8f7624af6af2207fb50cd444f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe

Filesize
468KB

MD5
4e8cd7e79ef0b9d1eb7704539cfc0031

SHA1
6826bdb2ef632accad4baf41f6e161eff99bb529

SHA256
def9df04f7d13626579dce0042c43b89bfb20141b8591aa44a09da75ccd63a2f

SHA512
be202d6d5079dc321ebbd7d63cb8d6ea3e9334d6c659f9049d33d595086c8348551ac3f7839bffc1ae89ee128fe26d71f3ce85f4cfdb533bf42048e75efc70c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe

Filesize
468KB

MD5
01556efa50e111b472934778319832bd

SHA1
800a0175e7b359c0458e7951b9f3f34fdf54daaf

SHA256
9a0de4355d7509d4f0ffe1660bfacc7f9cc12b887c8a14fd2a550a6e417941c0

SHA512
87cfe817ce2f10f1636ebf1e93cf61640d3ad397bd99390f5a4e9005ece7cb79aedd6a2c6b832110fb75cc9dc332e03fade16bf6d195d5adcb313425d41b2329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe

Filesize
468KB

MD5
a432824ef1c4b139d21693bae7281775

SHA1
d041df129e6e8f87f9a244a45c16097fae426c66

SHA256
a3615b344b3eb101ca9cd90c57ea75e127a3c85bd57197f3d286fbbc3e79fa41

SHA512
14cde60676b01dc498f98d282fc35ca2fcd08634a0ea4d5136e4ae4f08fd072c944be45a9b164d4f683d32543fb063906c2df3c499361236bbfc5d6d8d745172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe

Filesize
468KB

MD5
86aeaf52324198de686af75d72c9ee97

SHA1
fdd67ee55a7786750321a56b5a87dff48bfe7c96

SHA256
8019d803b1f777847bae1981fd234fd0f8032679f56ccc24ffd7f6506bd7d286

SHA512
3ca230412791a87ebc0bdc0a405bc710f2be09ab2fbe53b4f432169982f1cb7f4f4ef14b0152b9123be91efee1c5a1c7f6371d568f6bd044b5cabe0849a56d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe

Filesize
468KB

MD5
c25bc3c3e6411620744143fc98884b88

SHA1
5ab3e13ae4accd02ca895d83967fa46759c3a478

SHA256
b32495031ee3c9828a68ded9b9e1bd0472cf3d65796b6453a33fbcacccd80450

SHA512
191309b1d1b1c050466fcce0f516b51082e7e95f7b8b3bbb52ab044b32333cc332b15afad05eefeeaff91eb388e06f583084741c204778ef899b10aceab7835d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe

Filesize
468KB

MD5
fcb31b94f56459655737dc3cb2a2349d

SHA1
53690b83c2186180614ee0b907087947551172fb

SHA256
00d36f123e4b17963f210f94b9d0ca959289cbec8e485c5bdf143df3d7953b3a

SHA512
4048539e77102f75ad3b35d1978b3ec90a5007d20c8e0d5351749f7efe4e793094e416eed22521d952d01b66b9542999ed37a5ebc501033eeac60b43f673b962

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe

Filesize
468KB

MD5
529698dc97cf0273d185525543546a76

SHA1
ba800d2dd05c35a25c7ae6d99931ce208a91ed15

SHA256
8c1c608a4b004ff20b18c87738376dd731c8c2365f1fe1f64218afc768a6e103

SHA512
201a9b17da9939492b344c03658170620ddc37aa8519e3cdfb1644d0135d4293a6a7a9282f0110e4fd04596da952062a0393066de809d23eb9bc737ff9c86a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe

Filesize
468KB

MD5
4f4b5da2ebf518f5c37c23fd6894f983

SHA1
76151f238d4baa5e6bae4487f98d2b912061701a

SHA256
015646e20eb8de17d67472b5f4b0a986267a1f36d12a90f5817e8dca675d662b

SHA512
0a3c0c5e8c67bc527ac060ec6bf93c15e2edccd8544b13913b8de9f8718571f0ed7a32e7480c03aa0f45680c8a4885ef703d2d4b50d2c760c50f16906ae07ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe

Filesize
468KB

MD5
ef98d36c6dae2c6bb843a30a9202fa10

SHA1
be3bd15fa9739593933c608bd6843b5eb9a98f69

SHA256
dacfaa1dd5f5ab10f723062489b60219ad5b4163e56fb0f57d478bb468ee6bba

SHA512
b05d0f7c5eefc3f9e691392aeba5975c795a1f13042f7abb7b9d9be2202bda1986e772e78bff9f0f47a9d72c9c8ef66a044b68db9d41a262150a4d9a8b859caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe

Filesize
468KB

MD5
b804c709352dbc254609cde60de5c9c3

SHA1
bcae519c30bd6d59efbc2ff0a96aa0d1a0b059a5

SHA256
9a7319227cb68f0e68f8ddc416f4ce98d0c7771eaff50e273ee51557f2505b70

SHA512
b08a81ffadf2a9b6bb25d61c0c1e398d8c8358d7817a5cc9b4b2292acfecc0fa52c61a078ec65ead78ec8a0ce8c7ae65c1a1dfbaa51a9c33c6feb11bc5053a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe

Filesize
468KB

MD5
2b886d109d80d9e9d2c337e38e61aa17

SHA1
e3da81785dc24a0a91194cecead0139b2b526c25

SHA256
85b2b28180bbd346f512e2c3db4b9b55c3226741e649e098fafd733feb84ea75

SHA512
2c662f678bf36b055f014b715e1275ec6ff4aa9ecbb90c78b8bc3f53ce3011f63a55e022326806dad3df2a21441cba72c805e897e5d77e8770f95c0f77095316

Download Submit
memory/6576-3263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download