10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe
Size

468KB
MD5

07da01c80e9bcd96480244bb19c2be54
SHA1

a28b249a4ab36c60766083e6e566d996b2ffc6da
SHA256

10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98
SHA512

99774eb6004904337ddb0af37ad49d1ac842ae749d905b4d6cb00841253fa798bf75c87293632e5aada460a49f6a945fbad8e21130606b069c57663dc8fe9482
SSDEEP

3072:a0ACo3lwIj3qtbYIPpcYNfT/rCKX4I6Q71HCOVQx7aKLCwsaSM+E:a01oRzqtDPCYNfc7rl7aM7saS

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3308	Unicorn-9658.exe
3008	Unicorn-27147.exe
1964	Unicorn-60566.exe
4472	Unicorn-30245.exe
4180	Unicorn-10379.exe
1652	Unicorn-30245.exe
1904	Unicorn-11862.exe
2576	Unicorn-23805.exe
2008	Unicorn-17674.exe
4712	Unicorn-44225.exe
4704	Unicorn-44225.exe
4428	Unicorn-44225.exe
1796	Unicorn-28443.exe
1912	Unicorn-46918.exe
4296	Unicorn-981.exe
1916	Unicorn-58205.exe
3496	Unicorn-28033.exe
4804	Unicorn-17173.exe
5028	Unicorn-35647.exe
1428	Unicorn-19865.exe
1392	Unicorn-51983.exe
4436	Unicorn-32117.exe
768	Unicorn-51983.exe
5104	Unicorn-51983.exe
1584	Unicorn-45853.exe
1848	Unicorn-47137.exe
1980	Unicorn-49937.exe
2256	Unicorn-36201.exe
4756	Unicorn-25076.exe
2456	Unicorn-20981.exe
3172	Unicorn-3898.exe
4908	Unicorn-16151.exe
3736	Unicorn-51516.exe
1604	Unicorn-59684.exe
4608	Unicorn-31117.exe
4464	Unicorn-27587.exe
4312	Unicorn-14588.exe
3516	Unicorn-4282.exe
512	Unicorn-26841.exe
4796	Unicorn-24794.exe
2544	Unicorn-30925.exe
4728	Unicorn-11688.exe
5064	Unicorn-20619.exe
4080	Unicorn-46996.exe
2480	Unicorn-32871.exe
1160	Unicorn-47816.exe
3248	Unicorn-53383.exe
3648	Unicorn-28787.exe
3556	Unicorn-63597.exe
4476	Unicorn-61551.exe
2112	Unicorn-18481.exe
1420	Unicorn-40774.exe
4032	Unicorn-21173.exe
1984	Unicorn-41039.exe
2344	Unicorn-19657.exe
1520	Unicorn-38993.exe
4068	Unicorn-60068.exe
1456	Unicorn-35869.exe
2320	Unicorn-60281.exe
1704	Unicorn-35677.exe
1740	Unicorn-11080.exe
4872	Unicorn-40437.exe
1812	Unicorn-40437.exe
1864	Unicorn-9710.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
6084	5116	WerFault.exe	175
17152	15948	WerFault.exe	787
18416	1688	WerFault.exe	1009
18220	4220	WerFault.exe	995
17720	1240	WerFault.exe	1007
17712	17284	WerFault.exe	1006

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20221.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
1088	Process not Found
16756	Process not Found
5208	Process not Found
17828	Process not Found
5256	Process not Found
15192	Process not Found
6040	Process not Found
3500	Process not Found
5544	Process not Found
5728	Process not Found
16648	Process not Found
6208	Process not Found
6196	Process not Found
18276	Process not Found
6272	Process not Found
6220	Process not Found
6320	Process not Found
6228	Process not Found
6332	Process not Found
6276	Process not Found
6316	Process not Found
6340	Process not Found
6472	Process not Found
6476	Process not Found
6452	Process not Found
6500	Process not Found
14436	Process not Found
17864	Process not Found
17848	Process not Found
6504	Process not Found
15640	Process not Found
2176	Process not Found
1688	Process not Found
2928	Process not Found
1700	Process not Found
860	Process not Found
17716	Process not Found
6648	Process not Found
4904	Process not Found
6652	Process not Found
4852	Process not Found
3508	Process not Found
4176	Process not Found
3836	Process not Found
2700	Process not Found
3288	Process not Found
1156	Process not Found
3796	Process not Found
16856	Process not Found
1952	Process not Found
5344	Process not Found
3656	Process not Found
3064	Process not Found
16260	Process not Found
2524	Process not Found
5984	Process not Found
17588	Process not Found
16780	Process not Found
18168	Process not Found
18176	Process not Found
18128	Process not Found
3432	Process not Found
17564	Process not Found
17020	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe
3308	Unicorn-9658.exe
3008	Unicorn-27147.exe
1964	Unicorn-60566.exe
4180	Unicorn-10379.exe
4472	Unicorn-30245.exe
1652	Unicorn-30245.exe
1904	Unicorn-11862.exe
2576	Unicorn-23805.exe
4712	Unicorn-44225.exe
1912	Unicorn-46918.exe
4704	Unicorn-44225.exe
4428	Unicorn-44225.exe
4296	Unicorn-981.exe
1796	Unicorn-28443.exe
2008	Unicorn-17674.exe
1916	Unicorn-58205.exe
3496	Unicorn-28033.exe
4804	Unicorn-17173.exe
4756	Unicorn-25076.exe
1428	Unicorn-19865.exe
4436	Unicorn-32117.exe
5104	Unicorn-51983.exe
1980	Unicorn-49937.exe
768	Unicorn-51983.exe
1392	Unicorn-51983.exe
2256	Unicorn-36201.exe
1848	Unicorn-47137.exe
1584	Unicorn-45853.exe
5028	Unicorn-35647.exe
2456	Unicorn-20981.exe
3172	Unicorn-3898.exe
4908	Unicorn-16151.exe
3736	Unicorn-51516.exe
1604	Unicorn-59684.exe
4608	Unicorn-31117.exe
4464	Unicorn-27587.exe
4312	Unicorn-14588.exe
4796	Unicorn-24794.exe
512	Unicorn-26841.exe
3516	Unicorn-4282.exe
4728	Unicorn-11688.exe
2544	Unicorn-30925.exe
5064	Unicorn-20619.exe
4080	Unicorn-46996.exe
3556	Unicorn-63597.exe
1160	Unicorn-47816.exe
2480	Unicorn-32871.exe
3248	Unicorn-53383.exe
4032	Unicorn-21173.exe
1520	Unicorn-38993.exe
2344	Unicorn-19657.exe
2112	Unicorn-18481.exe
4476	Unicorn-61551.exe
4068	Unicorn-60068.exe
1420	Unicorn-40774.exe
1984	Unicorn-41039.exe
3648	Unicorn-28787.exe
2320	Unicorn-60281.exe
1704	Unicorn-35677.exe
1740	Unicorn-11080.exe
1812	Unicorn-40437.exe
4872	Unicorn-40437.exe
1864	Unicorn-9710.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3308	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	87
PID 432 wrote to memory of 3308	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	87
PID 432 wrote to memory of 3308	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	87
PID 3308 wrote to memory of 3008	3308	Unicorn-9658.exe	94
PID 3308 wrote to memory of 3008	3308	Unicorn-9658.exe	94
PID 3308 wrote to memory of 3008	3308	Unicorn-9658.exe	94
PID 432 wrote to memory of 1964	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	95
PID 432 wrote to memory of 1964	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	95
PID 432 wrote to memory of 1964	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	95
PID 1964 wrote to memory of 4472	1964	Unicorn-60566.exe	98
PID 1964 wrote to memory of 4472	1964	Unicorn-60566.exe	98
PID 1964 wrote to memory of 4472	1964	Unicorn-60566.exe	98
PID 3008 wrote to memory of 1652	3008	Unicorn-27147.exe	100
PID 3008 wrote to memory of 1652	3008	Unicorn-27147.exe	100
PID 3008 wrote to memory of 1652	3008	Unicorn-27147.exe	100
PID 3308 wrote to memory of 4180	3308	Unicorn-9658.exe	99
PID 3308 wrote to memory of 4180	3308	Unicorn-9658.exe	99
PID 3308 wrote to memory of 4180	3308	Unicorn-9658.exe	99
PID 432 wrote to memory of 1904	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	101
PID 432 wrote to memory of 1904	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	101
PID 432 wrote to memory of 1904	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	101
PID 4180 wrote to memory of 2576	4180	Unicorn-10379.exe	107
PID 4180 wrote to memory of 2576	4180	Unicorn-10379.exe	107
PID 4180 wrote to memory of 2576	4180	Unicorn-10379.exe	107
PID 3308 wrote to memory of 2008	3308	Unicorn-9658.exe	106
PID 3308 wrote to memory of 2008	3308	Unicorn-9658.exe	106
PID 3308 wrote to memory of 2008	3308	Unicorn-9658.exe	106
PID 1652 wrote to memory of 4712	1652	Unicorn-30245.exe	108
PID 1652 wrote to memory of 4712	1652	Unicorn-30245.exe	108
PID 1652 wrote to memory of 4712	1652	Unicorn-30245.exe	108
PID 1904 wrote to memory of 4704	1904	Unicorn-11862.exe	109
PID 1904 wrote to memory of 4704	1904	Unicorn-11862.exe	109
PID 1904 wrote to memory of 4704	1904	Unicorn-11862.exe	109
PID 4472 wrote to memory of 4428	4472	Unicorn-30245.exe	110
PID 4472 wrote to memory of 4428	4472	Unicorn-30245.exe	110
PID 4472 wrote to memory of 4428	4472	Unicorn-30245.exe	110
PID 3008 wrote to memory of 1796	3008	Unicorn-27147.exe	111
PID 3008 wrote to memory of 1796	3008	Unicorn-27147.exe	111
PID 3008 wrote to memory of 1796	3008	Unicorn-27147.exe	111
PID 1964 wrote to memory of 1912	1964	Unicorn-60566.exe	112
PID 1964 wrote to memory of 1912	1964	Unicorn-60566.exe	112
PID 1964 wrote to memory of 1912	1964	Unicorn-60566.exe	112
PID 432 wrote to memory of 4296	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	113
PID 432 wrote to memory of 4296	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	113
PID 432 wrote to memory of 4296	432	10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe	113
PID 2576 wrote to memory of 1916	2576	Unicorn-23805.exe	114
PID 2576 wrote to memory of 1916	2576	Unicorn-23805.exe	114
PID 2576 wrote to memory of 1916	2576	Unicorn-23805.exe	114
PID 4180 wrote to memory of 3496	4180	Unicorn-10379.exe	115
PID 4180 wrote to memory of 3496	4180	Unicorn-10379.exe	115
PID 4180 wrote to memory of 3496	4180	Unicorn-10379.exe	115
PID 1796 wrote to memory of 4804	1796	Unicorn-28443.exe	116
PID 1796 wrote to memory of 4804	1796	Unicorn-28443.exe	116
PID 1796 wrote to memory of 4804	1796	Unicorn-28443.exe	116
PID 4712 wrote to memory of 5028	4712	Unicorn-44225.exe	117
PID 4712 wrote to memory of 5028	4712	Unicorn-44225.exe	117
PID 4712 wrote to memory of 5028	4712	Unicorn-44225.exe	117
PID 1652 wrote to memory of 1428	1652	Unicorn-30245.exe	118
PID 1652 wrote to memory of 1428	1652	Unicorn-30245.exe	118
PID 1652 wrote to memory of 1428	1652	Unicorn-30245.exe	118
PID 4296 wrote to memory of 1392	4296	Unicorn-981.exe	119
PID 4296 wrote to memory of 1392	4296	Unicorn-981.exe	119
PID 4296 wrote to memory of 1392	4296	Unicorn-981.exe	119
PID 3008 wrote to memory of 1584	3008	Unicorn-27147.exe	123

C:\Users\Admin\AppData\Local\Temp\10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe
"C:\Users\Admin\AppData\Local\Temp\10f1e9604d13413a2d167c7e0845748d00bbc3627fa00c9686dec09cb22d9d98.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        10⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        10⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        10⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        9⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        9⤵
        
        PID:16704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        8⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 72
        9⤵
        Program crash
        
        PID:18416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        8⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        9⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        9⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        8⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        7⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        9⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        9⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        8⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        7⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        7⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        6⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        6⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56620.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        8⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 80
        7⤵
        Program crash
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60717.exe
        8⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        9⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        8⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        5⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        5⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        9⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        10⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        10⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36213.exe
        9⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        8⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        8⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        7⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        8⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        7⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        7⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16679.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        6⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        9⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        9⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51305.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        8⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        7⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        6⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        6⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62458.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        7⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
        6⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        6⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        6⤵
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        6⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        5⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        8⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        9⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        9⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        8⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        7⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2374.exe
        7⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15948 -s 464
        8⤵
        Program crash
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43699.exe
        7⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17798.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
        5⤵
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        5⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
        6⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        5⤵
        
        PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        6⤵
        
        PID:16788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        5⤵
        
        PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
      4⤵
      PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
      4⤵
      PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        9⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        9⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        9⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        9⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        8⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        7⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        7⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        7⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44083.exe
        9⤵
        
        PID:16740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        9⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        7⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        7⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        7⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        9⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        9⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        9⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 80
        10⤵
        Program crash
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16844.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        6⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43679.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        6⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        7⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
        6⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65224.exe
        6⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32903.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        5⤵
        
        PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        8⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        7⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        7⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        6⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        7⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
        7⤵
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        5⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        6⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
      4⤵
      PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        5⤵
        
        PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
      4⤵
      PID:15836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
      4⤵
      Executes dropped EXE
      PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13083.exe
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
      4⤵
      PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
      4⤵
      PID:15620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        5⤵
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 472
        6⤵
        Program crash
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        6⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        6⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        5⤵
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
      4⤵
      PID:15788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        6⤵
        
        PID:12864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
      4⤵
      PID:9480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
      4⤵
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        5⤵
        
        PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        5⤵
        
        PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
    3⤵
    PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
      4⤵
      PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
    3⤵
    PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
    3⤵
    PID:14860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
        9⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        9⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        8⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        8⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        8⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        7⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45076.exe
        6⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        9⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        8⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        8⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        7⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        9⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        9⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        8⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        7⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
        6⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        6⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        6⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        5⤵
        
        PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
        6⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        8⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        8⤵
        
        PID:17284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17284 -s 72
        9⤵
        Program crash
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        6⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        7⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        7⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        7⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        7⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:16668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        7⤵
        
        PID:16692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20291.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        6⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        7⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        6⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        5⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        6⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
      4⤵
      PID:3704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36417.exe
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        7⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43569.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
        6⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        6⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        5⤵
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
        5⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        5⤵
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9244.exe
      4⤵
      PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1703.exe
      4⤵
      PID:18264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        7⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        5⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        5⤵
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
      4⤵
      PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
      4⤵
      PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
      4⤵
      PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        5⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
        6⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        5⤵
        
        PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        5⤵
        
        PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49953.exe
      4⤵
      PID:15564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        5⤵
        
        PID:14840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
    3⤵
    PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
      4⤵
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
    3⤵
    PID:10460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
    3⤵
    PID:14924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        7⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29671.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        7⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-424.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        6⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
        7⤵
        
        PID:18228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48151.exe
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        6⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        6⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14785.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        5⤵
        
        PID:13240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        5⤵
        
        PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        7⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        7⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        6⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        6⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        5⤵
        
        PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34602.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        5⤵
        
        PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
      4⤵
      PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        6⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        5⤵
        
        PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        5⤵
        
        PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
      4⤵
      PID:16152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
    3⤵
    PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      4⤵
      PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32433.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      4⤵
      PID:15900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
    3⤵
    PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      4⤵
      PID:9528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
      4⤵
      PID:15556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
    3⤵
    PID:10808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
    3⤵
    PID:216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32875.exe
    3⤵
    PID:7776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        7⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        7⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
        6⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        5⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        6⤵
        
        PID:12668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        5⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22703.exe
        5⤵
        
        PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
      4⤵
      PID:15640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        6⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
        5⤵
        
        PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        5⤵
        
        PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      4⤵
      PID:11384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
      4⤵
      PID:15580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    3⤵
    PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
    3⤵
    PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
    3⤵
    PID:15028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8340.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35035.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        6⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        5⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
      4⤵
      PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62284.exe
      4⤵
      PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
    3⤵
    PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:11436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
    3⤵
    PID:16116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
    3⤵
    PID:1284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        5⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      4⤵
      PID:16104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
      4⤵
      PID:16920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      4⤵
      PID:16848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
    3⤵
    PID:15144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
    3⤵
    PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
      4⤵
      PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
      4⤵
      PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      4⤵
      PID:17900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
    3⤵
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
    3⤵
    PID:15820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
    3⤵
    PID:16736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
  2⤵
  PID:7348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
    3⤵
    PID:13640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
  2⤵
  PID:10468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
  2⤵
  PID:14892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5116 -ip 5116
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 16144 -ip 16144
1⤵
PID:17220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 216 -ip 216
1⤵
PID:17236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 15948 -ip 15948
1⤵
PID:17284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 17284 -ip 17284
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1240 -ip 1240
1⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 15192 -ip 15192
1⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15192 -ip 15192
1⤵
PID:18276

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:17932

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:5544

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10132

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4904

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2524

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1524

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\73a5ba074d9d49efab45ff36a8f14a8e /t 3976 /p 3948
1⤵
PID:17568

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\7818319ed5854c42b51ca86045484e7b /t 1016 /p 3720
1⤵
PID:17548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:17900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:16644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe

Filesize
468KB

MD5
39768a33ea74166e25dc7499ecf7072b

SHA1
fcb9b8f37a73577987260216de495e1600cf9c04

SHA256
6e493376b93c6b62fbc1ec65e931c8420ad778a9a344eff6363522f9e386027e

SHA512
1c4695e14f9aae2bbc5da504af3a44a555a56de32c6ff9f0b7b3da86e2b72ef04d6cbbd92ab889f63d3b30f87ec7004b4830ae4eee73583ad1e5b9b15605eeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe

Filesize
468KB

MD5
23956d02117a3594c961ebb1140b225e

SHA1
bd73a2f73261ad4e3b1f5dacf2097db6aa995751

SHA256
9acf0fb7186a569c8be72991a74a87045d45c78016eb2737d52da7756e9531dd

SHA512
96c876332070e74eac767d53005df45e019dad3ee8b8b0d28a6a1d6e73f2f67e25d3a26ffa9ac0342f9b36386d417659cf17dfff3f0a8860b933005bbb239062

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe

Filesize
468KB

MD5
3fbc8d6b99a81ee69a3bea83a0d4d7a2

SHA1
4fdb6b5afbbc3a142655bf157f95698703496f03

SHA256
1693825b94ee0ec9574a2d4d2e1359c520a4f5fb5d8cbef4c3b493cd9acce457

SHA512
9071e78ba0929289991cfd637d8824a21f3722e271f3b90a61ba2d732620a7199a420331a55413f248b34aca82a6ce8d584b8a0c2fa5530dc9ab02fb04e10f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe

Filesize
468KB

MD5
dc72d33903a858256eabd3a532d2217a

SHA1
44c994b0117867f2df3e4bf28f3e2d940e422985

SHA256
677d1ae3460c45ca94bbf4849fe880237c01b10727573124534edb0d0fff1468

SHA512
84b9ec055b6d468d1ddd7b782619fa836354f7832448a8cc780d511a50bb02a6f17441cbddc4f314962bd10ce5c9be33e1d4e6dbb7327370e55cb207d4ab39dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe

Filesize
468KB

MD5
8ab2d2300156ec3e102445a925909b44

SHA1
22d3328f538254f6dfdef718bf545b3da43fcfa5

SHA256
d38b038d8725ac8c44c9a8a33e1d91f523ea3a0e49587a153d7f4de10afd6d6c

SHA512
1f0b84c88f23f6fe316435bc9a17961b97c3850ec59945e4913422293369621ba03f4419ec6f636c291f13ad904240898be7193fa668c9f167ea434d5dcb61e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe

Filesize
468KB

MD5
25cc6d023d430ada61875f4ecbff2b73

SHA1
bfb377d420974ef4e9557d809058dbeeaf87ce3b

SHA256
63d61fd1a24918ec22c56c46b21fdd4e78e76b828450293b87051fc596a3745f

SHA512
4306f471cbfaab601ff279fbc42cda3110efd284b02cb6115b9f17266a84fedf6c72204429b7b74f20b5ff50b09f0cfb35fd5dcf98662d2783df2f19ef3c1c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe

Filesize
468KB

MD5
8d2e2e2c610d8842c8c888dd262c9be5

SHA1
a191797c84a3fad6bf61a9b01744b5ee8fa2f249

SHA256
a22f1b040d7c4544b014c3db277cb99d2c241c23a1a5d1f6798abb31d052928e

SHA512
08f9ae3c8feb85cf7c2637ac2b9a752d9b3d76d13ad8d5382d0511637a289796722bc46a57d2450682a143f0444316389eaa6dd27fe158ae290a6165b28f6177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe

Filesize
468KB

MD5
f4e9eea7b13a049e22f8196af0504395

SHA1
56292a46102e0cda6f042c2859b0293d0ff49fc8

SHA256
db72a9967aa34c8989ebaee693fc31bed3fef1cf37e1db55034a90762df4eaa4

SHA512
b60c2b35bc5f0bcc56b2eca12fc3177a6c771d9435e51da1b8bdd76e1b716b68f574311bb278bf83ed45c99ee85667bd0e860139ac367d303a848fd3a959a370

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe

Filesize
468KB

MD5
10d9f9a3f08dd52683092fec64441154

SHA1
b63879046721fe3f1828f784962bf7fd1fc0ac87

SHA256
bd09b6c6a2dad4fc4323511e509c6301d71d3385f839bd4c6376bb8993c1cdcf

SHA512
263c92b3e788443bc0bd043884556d219df0ea99cffedae0f08e252951f6bfb386e8d9588cca3256c8da4477fe6a5023c6182e51f275c99935c1c2abbc973450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe

Filesize
468KB

MD5
2eeffb902d5f6cc96dab9343e4c92717

SHA1
0a225c880b37a54d854cc866e306446a3dbca72a

SHA256
3a892b97c11a8506feb64b4fb38b5c96157fa54661cad040b300e61c8e07ad0a

SHA512
269a0f805ed4225ad47765e47ca9ef3c8d5b8990ffa7ee70ee1736dc287ffe00878f72d2fcea2c5fd4905a642795214bee7b9ec349700d98fd5a5fd4af3294a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe

Filesize
468KB

MD5
4e9f1bf9f3d1d2de73945459dd0e69e9

SHA1
915f51920d97bbe23b2202785f256f0e1e838057

SHA256
aadb72adaad6554b67165537f843aeef6c9f7406fa836cb0cc0ff37edc81e1f7

SHA512
6f732fee486cf7dad9feea3dba8aa99eb9b48e2aa4d1c5f32302107a71a35c39df63a8e589f4ee8d9c757efe23280d32690c265ed5af73825391063bcca8a2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28443.exe

Filesize
468KB

MD5
ba24bd3b927715819986936b52fa989b

SHA1
adc1c4cf4cafa63f6b687b1f50b4eca569e42fc1

SHA256
f8327966d22d574e9fef5f254d16fba7364a89b3767c71f11015a284f565429d

SHA512
a4ca5a46936c6834b6b14e7dabe2623541590cbb547edc8ef667eeaaf14bc8412bd92b3d0b7102eff24e331e0d747cdf5d33f07ccc17a14fb7ac52fa5ab9acac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30245.exe

Filesize
468KB

MD5
baff179ec8029508409b90a6a68ea611

SHA1
e33ef4c2979e26682b728dee3d16aa9d101907b3

SHA256
63e4561abe3f62ba70a17cc33c74f0985afbe60ec48b6413734eb0aa38f356ca

SHA512
61eda278de7ecc1d0a8c0f97cddc17c44eaa7994b2a7e35d0949067d0d8a63b26abd60fe401e2602f39a10ef0fb2e9c46994af13ba6661ec6f1bbd09c42cc218

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe

Filesize
468KB

MD5
85c377b6df95a646bbcc6c2b1f4f95ae

SHA1
32224f25687c53620cd0f23b8268c600b63d131d

SHA256
aa314ef98d1ee58291301002acddd446b99e5afc69c7bea7b827409658d99d79

SHA512
4918f7f40cd2463ab06e3daa51228a3df3d95ae451934f6925994ad94f0761ce9d9b04a1a975b3322406a5bf8f33cb2e932081947c548085b13049b210b07556

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe

Filesize
468KB

MD5
cbfb196b7a84dea84ef5fbd276e4414d

SHA1
45689d51935fd776704141e9d439e09e3d8d0cfc

SHA256
f4773f2997cb7527ee0beeda9013e80fad6819bae52b769684254c4879293e1d

SHA512
d7ab4fefe8e58206155514fb17c121486f37606c5deb2a8150a23f66858a37220a8be04913671e2d7800ba219c1b7b723d209efa3500fd60cea0801be87373d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe

Filesize
468KB

MD5
fc3d78aed9d46bac25c5516c8ebfd657

SHA1
96440e153fc829635a521361424f6c3b62d11867

SHA256
8f484acc7f18fc033624d0a73b79b51a54a28b2fb1bf86f24047c1821a257d41

SHA512
38eda415aac998565f521ebd7287f0a85dda7c6dac403d74cb67a69125e6e22db312ba0dd634f490e50831e69b5218befbe82e2fcbcfbff6ff05eb3e88b1b3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe

Filesize
468KB

MD5
0315802aeec541bd882847fcc68680cd

SHA1
7d38f17adf6a38c9042b117c344cb65b20e44aa2

SHA256
79531f3d0a4ae8605ddb9fdcf55ab5ae90e32d0493fdfcc947d4b21abf44e00e

SHA512
3984d97f90971b13eb7cb5922ccecf98ba55944b0e2437d3c9d274a05d97abdfbb5c7f1668347722d5cf9934f717d68fada3cc997d5dd692529312ce644b069a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe

Filesize
468KB

MD5
f78d745624d2472b7a642fac6d255d3a

SHA1
1990b2ead38c6edf59283a0e8c08d9b6d36abf30

SHA256
78e9082f51215a75cd12fe9badc89d2777a86bcfbb6428f2074e6b77dcb9a684

SHA512
6b93939e66afe09d599c265009391c7277ee228efc295f43529e809bfda3448cf3710239741373e5ca1b3bbf49e4f3b6fc2b445040c32a9f68072dbec43a592a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe

Filesize
468KB

MD5
1adfb3317431c88582dd5a2b0019c61d

SHA1
feaff0d0718b5bf1e181aebc51fcf0ad60a9c022

SHA256
a1ccee0e470e658c67f79f6ab1dc6511248fd754389347eed33180b188e76d2f

SHA512
bb0685800deb1bbc756e546a0d0ef9a2696833682e7703ff77509b12ec0308c9af4061f2cd168e7419553b0a15cf57b275edee1b5a47a35edb40b694334b0075

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe

Filesize
468KB

MD5
54bfedcf9fba511f373e0d2494e86dc0

SHA1
ddb006aea8457f1a0796f12921dc05fb6d906482

SHA256
61e2d917ebbd6170ff5875f1a5440f88f8d3c729de5f56cedf4afd40cf6fb0e7

SHA512
9965074c0e9a223468190d0070de51473134cc870584391ef450c7aa9f6ff3bbc6db8bb7a3fa4ec9cdf024367b4be15bee15806f2aa2ad346f1fd77df4447953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe

Filesize
468KB

MD5
c28b671215c0bc2ff98ca022d0cfa9b8

SHA1
cedc38bb2235ef5b183f9f839e5ffb41fd1be720

SHA256
959d82a96b82ce43cf4c68a907436b4f12d88b968c009216870ef1c60c62dee4

SHA512
2e70edfca043fafaca377472461f7158361647404b7f1dd9c31cd6a44e14e89bfdd98e07f739e2cd4441d80ee1d1c0fc39f5b665140ebc64ca012e2af50eefb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe

Filesize
468KB

MD5
0630d17a40aeacbbcb7e3a2a614f5add

SHA1
3f179b6e66a8edc66387417231becb665e484b3d

SHA256
6f671f7d8fe58e6a87a535663a4c971ef94db77d96cfb756914d2dc8b7adc0c8

SHA512
4833a798f65007a75518cc29aa549c5649ee23c12a82f0a8c7a8b20a4696e848cd1d8d78460f88032dab42f83e5c53401ed6958c2c18c3c3447831e0349eb82b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe

Filesize
468KB

MD5
20ee5a25f3dfd87671bf9ec73ba710b4

SHA1
9a2c9f7bec3c8c8b05aaadd62a44690f4a4af75f

SHA256
f3cc184c5999eabde3287c9bcae608df8424ec37b0cd8cd33bcc2d6626443f69

SHA512
b3539e794a3355266ecf2e933c1e5ffc37a8ce4bb7bda7da22e895d0269840a430f5f188b697831dd4f6da8f42f3e55e5293fc73aa3379d7f7591c40a26919e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe

Filesize
468KB

MD5
b891f11f234b3d4aaa0cbad378810bbc

SHA1
12d6a51f8703c39231bfde9a601fb520ca85713c

SHA256
5f1b4ac1cb08a7a39e55b7b74090c98d58f757e75d44c066dd8d3fc50108a8fe

SHA512
7a8869d0fc8b84dba5dc9cdedbf7ecf36c60b7d67b528abf4c4c16687e34faff34094620f15b143764680b505dffa5cd81d81c4c6c2ff158c5a50e86a208411a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe

Filesize
468KB

MD5
2cb16667cffc4d5834545455772cb8f2

SHA1
7ed79287949a720f08b39197dbd2f3dd87758559

SHA256
030814717987c0b2ae02858484dc6688ecc98fc7f2777df3f816c3df389e7309

SHA512
5b746b028a69fb69f8ef9da4b10b0bf63c21ab330c36e1050587b7ebca216f23248749928f80070a0b2aec2748fc1212298b4a5f69b6f87ff4e0d9b4719e3e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe

Filesize
468KB

MD5
59a69877124000a66f9e573b2a31072d

SHA1
15587412a76b2f8fa61d1978d9b2c916117d489b

SHA256
2bd73de451e8b0b256f3308311beae1bf6d4c55bf5175de72171fd2d1870c907

SHA512
72682909b042588ffa995202fdeed6ddf9a45c18c009a018d31e5aa54438be0fd024f2958e3df90d42196f4f77003acec83b47c7e6d6a1b2edff0c4021898ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe

Filesize
468KB

MD5
6b08f58db2a2b13ca72ee35675acf038

SHA1
d11a4655594028c70ad1bc18da5e2f8b706d4f3b

SHA256
c2e357e869444a30a6666003b72b5caa43a7a040a217e0a2afbf9e0ead87dbaf

SHA512
c98de4d9cc2d25df7c36e902bd901596c016d13e7aebd677468c086731bff902f50fbd76ec52a97712ed673187d8068626e4599a200611f6f14df969e8820106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe

Filesize
468KB

MD5
b468d7cbb5d89b746a5f10a658e80b79

SHA1
3c8894f274218142b46d65387c30c12a505f43dc

SHA256
11e20941b43be1d5b654eec6e8a240c32ea0a3b571f50ebfbed1ac77b8468c16

SHA512
4d278e66c67dc9c417328237f5b967a95c51984b6f0b334a81a7005c314337269e268e54e1706dbb7f72cac394a5d1a8405d5063455d1ed0cc9a764f93c5c3a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe

Filesize
468KB

MD5
38e055562aa624ccc17da1dc9ed276d6

SHA1
c93a5aa789f1472faac39ebc1610c796d7649f4b

SHA256
90ed26a3ee368dadb241d5352480c40b59e1dcbbcdf7f64f85d35b944c747fe6

SHA512
d36fafe285afb0072a3e5a2e1f4ecd9ca582cf49b9f4cd1b6440912fdce90f5aeedef7894f23d5dd7af00f5661f1516eff79c023784f48144c7c1c36a8f81894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe

Filesize
468KB

MD5
48f9d628457f91d10f7fb91076d388b3

SHA1
8a8c44b107944c2c39ba9c0783c964075dba0836

SHA256
07b3d9e4bb2114d4e7e121d541f486e8278255196ab0cb1f4c39e1d4d9deb88b

SHA512
94d960ec833f0755267fb294f5ddd8b8ced3f56b6e39790c166b50536f3b33ec9d2ff7ff36b7fae6200a05c167fb2c7301d8de101cdda6aec88695fb11227789

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe

Filesize
468KB

MD5
b60775e6122ac9deb4cf1052d4ebd569

SHA1
7830c606065aff9a0a64c2cdafaebfb5654a6cd7

SHA256
2aae7dbe1a0a373267a4ecffcabe4308df43e2cc37ecac7628e1cbd4d86d2c93

SHA512
6a76b2485c7ce6bde1afab7b56816b25efdc54cd17684cb6f5949e3948f2c3b68e7a0bdc002621f0814ed9d6367138e73153aa970b89f75aec2bc5eb360f14cc

Download Submit