85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
Size

468KB
MD5

42b172dea9f7882b5e930f72bc36fef6
SHA1

daa33682294b3a804bf2e36a013a5dde143546d3
SHA256

85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9
SHA512

7102fed22f572ceb2391d995f0e55111686238bc74ed8e5593d3b97f6fb6000f8dbe5ebbe51719325eede29f209b8190f7de38eebd2be7f16942cfcf0ae71489
SSDEEP

3072:dONsogKEIVMfQbe94ecTJf8SFCECSppLVaHCPVxFdU7EQvRRqcl3D:dOyoLqfQo43TJfnfbNdU4yRRqM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2148	Unicorn-55874.exe
2804	Unicorn-23804.exe
2940	Unicorn-20274.exe
2060	Unicorn-32468.exe
3060	Unicorn-63915.exe
2832	Unicorn-18436.exe
2680	Unicorn-27572.exe
2648	Unicorn-54777.exe
1580	Unicorn-6090.exe
584	Unicorn-21851.exe
3056	Unicorn-35041.exe
2612	Unicorn-54907.exe
2764	Unicorn-11300.exe
2468	Unicorn-5170.exe
1964	Unicorn-12104.exe
1372	Unicorn-40953.exe
1528	Unicorn-51159.exe
2236	Unicorn-58550.exe
2204	Unicorn-37615.exe
2388	Unicorn-60169.exe
2216	Unicorn-59017.exe
820	Unicorn-29965.exe
2496	Unicorn-3039.exe
2564	Unicorn-64855.exe
968	Unicorn-2463.exe
1864	Unicorn-19184.exe
2524	Unicorn-3049.exe
916	Unicorn-52707.exe
1740	Unicorn-65322.exe
2616	Unicorn-32841.exe
2316	Unicorn-10912.exe
2500	Unicorn-51524.exe
2416	Unicorn-51259.exe
696	Unicorn-34420.exe
1596	Unicorn-49038.exe
2924	Unicorn-19319.exe
2120	Unicorn-47694.exe
2864	Unicorn-54430.exe
2876	Unicorn-35463.exe
2688	Unicorn-4326.exe
2708	Unicorn-34887.exe
1576	Unicorn-48270.exe
2712	Unicorn-4710.exe
2904	Unicorn-61813.exe
2888	Unicorn-49998.exe
2156	Unicorn-23870.exe
1744	Unicorn-40014.exe
2448	Unicorn-6692.exe
2956	Unicorn-35908.exe
1472	Unicorn-6573.exe
1664	Unicorn-5534.exe
1060	Unicorn-28961.exe
2368	Unicorn-26308.exe
2112	Unicorn-28577.exe
2840	Unicorn-45406.exe
2152	Unicorn-12925.exe
1188	Unicorn-64222.exe
2440	Unicorn-35079.exe
2732	Unicorn-37252.exe
640	Unicorn-827.exe
2632	Unicorn-6795.exe
1280	Unicorn-19255.exe
2220	Unicorn-2926.exe
1540	Unicorn-34747.exe

Loads dropped DLL 64 IoCs

pid	Process
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
2148	Unicorn-55874.exe
2148	Unicorn-55874.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
2804	Unicorn-23804.exe
2804	Unicorn-23804.exe
2148	Unicorn-55874.exe
2148	Unicorn-55874.exe
2940	Unicorn-20274.exe
2940	Unicorn-20274.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
2804	Unicorn-23804.exe
2804	Unicorn-23804.exe
2060	Unicorn-32468.exe
2060	Unicorn-32468.exe
3060	Unicorn-63915.exe
3060	Unicorn-63915.exe
2940	Unicorn-20274.exe
2940	Unicorn-20274.exe
2832	Unicorn-18436.exe
2832	Unicorn-18436.exe
2680	Unicorn-27572.exe
2680	Unicorn-27572.exe
2148	Unicorn-55874.exe
2148	Unicorn-55874.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
2648	Unicorn-54777.exe
2648	Unicorn-54777.exe
2804	Unicorn-23804.exe
2804	Unicorn-23804.exe
1580	Unicorn-6090.exe
1580	Unicorn-6090.exe
2060	Unicorn-32468.exe
584	Unicorn-21851.exe
2060	Unicorn-32468.exe
584	Unicorn-21851.exe
3056	Unicorn-35041.exe
3056	Unicorn-35041.exe
2940	Unicorn-20274.exe
2940	Unicorn-20274.exe
2764	Unicorn-11300.exe
2764	Unicorn-11300.exe
3060	Unicorn-63915.exe
3060	Unicorn-63915.exe
2468	Unicorn-5170.exe
2468	Unicorn-5170.exe
2612	Unicorn-54907.exe
2612	Unicorn-54907.exe
2148	Unicorn-55874.exe
2148	Unicorn-55874.exe
2680	Unicorn-27572.exe
1964	Unicorn-12104.exe
1964	Unicorn-12104.exe
2680	Unicorn-27572.exe
2832	Unicorn-18436.exe
2832	Unicorn-18436.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
1528	Unicorn-51159.exe
1528	Unicorn-51159.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1712	2112	WerFault.exe	86
3352	2016	WerFault.exe	274
4688	3568	WerFault.exe	303
5048	4540	WerFault.exe	369
4696	5084	WerFault.exe	395
6712	5664	WerFault.exe	493

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3600.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
2148	Unicorn-55874.exe
2804	Unicorn-23804.exe
2940	Unicorn-20274.exe
2060	Unicorn-32468.exe
3060	Unicorn-63915.exe
2832	Unicorn-18436.exe
2680	Unicorn-27572.exe
2648	Unicorn-54777.exe
1580	Unicorn-6090.exe
584	Unicorn-21851.exe
3056	Unicorn-35041.exe
2612	Unicorn-54907.exe
2764	Unicorn-11300.exe
2468	Unicorn-5170.exe
1964	Unicorn-12104.exe
1528	Unicorn-51159.exe
1372	Unicorn-40953.exe
2204	Unicorn-37615.exe
2216	Unicorn-59017.exe
2388	Unicorn-60169.exe
2236	Unicorn-58550.exe
820	Unicorn-29965.exe
2496	Unicorn-3039.exe
2564	Unicorn-64855.exe
968	Unicorn-2463.exe
1864	Unicorn-19184.exe
916	Unicorn-52707.exe
2524	Unicorn-3049.exe
1740	Unicorn-65322.exe
2616	Unicorn-32841.exe
2316	Unicorn-10912.exe
2500	Unicorn-51524.exe
2416	Unicorn-51259.exe
1596	Unicorn-49038.exe
2924	Unicorn-19319.exe
2120	Unicorn-47694.exe
2864	Unicorn-54430.exe
2688	Unicorn-4326.exe
2876	Unicorn-35463.exe
2708	Unicorn-34887.exe
1576	Unicorn-48270.exe
2904	Unicorn-61813.exe
2712	Unicorn-4710.exe
2956	Unicorn-35908.exe
2732	Unicorn-37252.exe
2632	Unicorn-6795.exe
1744	Unicorn-40014.exe
2152	Unicorn-12925.exe
1280	Unicorn-19255.exe
2448	Unicorn-6692.exe
1472	Unicorn-6573.exe
2440	Unicorn-35079.exe
2840	Unicorn-45406.exe
640	Unicorn-827.exe
1188	Unicorn-64222.exe
2156	Unicorn-23870.exe
2220	Unicorn-2926.exe
1664	Unicorn-5534.exe
2368	Unicorn-26308.exe
2112	Unicorn-28577.exe
1060	Unicorn-28961.exe
2888	Unicorn-49998.exe
1540	Unicorn-34747.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2148	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	29
PID 1996 wrote to memory of 2148	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	29
PID 1996 wrote to memory of 2148	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	29
PID 1996 wrote to memory of 2148	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	29
PID 2148 wrote to memory of 2804	2148	Unicorn-55874.exe	30
PID 2148 wrote to memory of 2804	2148	Unicorn-55874.exe	30
PID 2148 wrote to memory of 2804	2148	Unicorn-55874.exe	30
PID 2148 wrote to memory of 2804	2148	Unicorn-55874.exe	30
PID 1996 wrote to memory of 2940	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	31
PID 1996 wrote to memory of 2940	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	31
PID 1996 wrote to memory of 2940	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	31
PID 1996 wrote to memory of 2940	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	31
PID 2804 wrote to memory of 2060	2804	Unicorn-23804.exe	32
PID 2804 wrote to memory of 2060	2804	Unicorn-23804.exe	32
PID 2804 wrote to memory of 2060	2804	Unicorn-23804.exe	32
PID 2804 wrote to memory of 2060	2804	Unicorn-23804.exe	32
PID 2148 wrote to memory of 3060	2148	Unicorn-55874.exe	33
PID 2148 wrote to memory of 3060	2148	Unicorn-55874.exe	33
PID 2148 wrote to memory of 3060	2148	Unicorn-55874.exe	33
PID 2148 wrote to memory of 3060	2148	Unicorn-55874.exe	33
PID 2940 wrote to memory of 2832	2940	Unicorn-20274.exe	34
PID 2940 wrote to memory of 2832	2940	Unicorn-20274.exe	34
PID 2940 wrote to memory of 2832	2940	Unicorn-20274.exe	34
PID 2940 wrote to memory of 2832	2940	Unicorn-20274.exe	34
PID 1996 wrote to memory of 2680	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	35
PID 1996 wrote to memory of 2680	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	35
PID 1996 wrote to memory of 2680	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	35
PID 1996 wrote to memory of 2680	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	35
PID 2804 wrote to memory of 2648	2804	Unicorn-23804.exe	36
PID 2804 wrote to memory of 2648	2804	Unicorn-23804.exe	36
PID 2804 wrote to memory of 2648	2804	Unicorn-23804.exe	36
PID 2804 wrote to memory of 2648	2804	Unicorn-23804.exe	36
PID 2060 wrote to memory of 1580	2060	Unicorn-32468.exe	37
PID 2060 wrote to memory of 1580	2060	Unicorn-32468.exe	37
PID 2060 wrote to memory of 1580	2060	Unicorn-32468.exe	37
PID 2060 wrote to memory of 1580	2060	Unicorn-32468.exe	37
PID 3060 wrote to memory of 584	3060	Unicorn-63915.exe	38
PID 3060 wrote to memory of 584	3060	Unicorn-63915.exe	38
PID 3060 wrote to memory of 584	3060	Unicorn-63915.exe	38
PID 3060 wrote to memory of 584	3060	Unicorn-63915.exe	38
PID 2940 wrote to memory of 3056	2940	Unicorn-20274.exe	39
PID 2940 wrote to memory of 3056	2940	Unicorn-20274.exe	39
PID 2940 wrote to memory of 3056	2940	Unicorn-20274.exe	39
PID 2940 wrote to memory of 3056	2940	Unicorn-20274.exe	39
PID 2832 wrote to memory of 2612	2832	Unicorn-18436.exe	40
PID 2832 wrote to memory of 2612	2832	Unicorn-18436.exe	40
PID 2832 wrote to memory of 2612	2832	Unicorn-18436.exe	40
PID 2832 wrote to memory of 2612	2832	Unicorn-18436.exe	40
PID 2680 wrote to memory of 2764	2680	Unicorn-27572.exe	41
PID 2680 wrote to memory of 2764	2680	Unicorn-27572.exe	41
PID 2680 wrote to memory of 2764	2680	Unicorn-27572.exe	41
PID 2680 wrote to memory of 2764	2680	Unicorn-27572.exe	41
PID 2148 wrote to memory of 2468	2148	Unicorn-55874.exe	42
PID 2148 wrote to memory of 2468	2148	Unicorn-55874.exe	42
PID 2148 wrote to memory of 2468	2148	Unicorn-55874.exe	42
PID 2148 wrote to memory of 2468	2148	Unicorn-55874.exe	42
PID 1996 wrote to memory of 1964	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	43
PID 1996 wrote to memory of 1964	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	43
PID 1996 wrote to memory of 1964	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	43
PID 1996 wrote to memory of 1964	1996	85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe	43
PID 2648 wrote to memory of 1372	2648	Unicorn-54777.exe	44
PID 2648 wrote to memory of 1372	2648	Unicorn-54777.exe	44
PID 2648 wrote to memory of 1372	2648	Unicorn-54777.exe	44
PID 2648 wrote to memory of 1372	2648	Unicorn-54777.exe	44

C:\Users\Admin\AppData\Local\Temp\85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe
"C:\Users\Admin\AppData\Local\Temp\85e512b88ddc8495c350ba8c15f0ae456a964a47d153a88b480bf902adc6abc9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36646.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        9⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20800.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        8⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21879.exe
        10⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        10⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        9⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33185.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57770.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23150.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50757.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        9⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        7⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 188
        8⤵
        Program crash
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        7⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10174.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        7⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        6⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48118.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19253.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        5⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        5⤵
        
        PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        6⤵
        Executes dropped EXE
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        7⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        6⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
        7⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 188
        8⤵
        Program crash
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        7⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        7⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        6⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23975.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42195.exe
        6⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        6⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        6⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        6⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        7⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        7⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18023.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51890.exe
        5⤵
        
        PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        6⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
      4⤵
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        5⤵
        
        PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
      4⤵
      PID:8332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17776.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2682.exe
        8⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29204.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27893.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe
        7⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36860.exe
        6⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53399.exe
        5⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63478.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        6⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58522.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        5⤵
        
        PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        5⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        5⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        5⤵
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        6⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        5⤵
        
        PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1994.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      4⤵
      PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
      4⤵
      PID:7840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        6⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15837.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36231.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        5⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        5⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        5⤵
        
        PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30873.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
      4⤵
      PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
      4⤵
      PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
      4⤵
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        5⤵
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
      4⤵
      PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
      4⤵
      PID:8376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22190.exe
      4⤵
      PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
      4⤵
      PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
    3⤵
    PID:328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
    3⤵
    PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
    3⤵
    PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
    3⤵
    PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
    3⤵
    PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
    3⤵
    PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
    3⤵
    PID:6480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43139.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6297.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        7⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        6⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 188
        7⤵
        Program crash
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        6⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        6⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        5⤵
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 188
        6⤵
        Program crash
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47350.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61234.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        5⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        5⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        6⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        7⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10718.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52268.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        6⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        5⤵
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48055.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        5⤵
        
        PID:2016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        6⤵
        Program crash
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        5⤵
        
        PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
      4⤵
      PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      4⤵
      PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
      4⤵
      PID:7776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        6⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        5⤵
        
        PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
      4⤵
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        5⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        5⤵
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19911.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
      4⤵
      PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
      4⤵
      PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4978.exe
        5⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
      4⤵
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        5⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
      4⤵
      PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
      4⤵
      PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
      4⤵
      PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
      4⤵
      PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3600.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
      4⤵
      PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
      4⤵
      PID:8796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
    3⤵
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
    3⤵
    PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
    3⤵
    PID:6152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
    3⤵
    PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
    3⤵
    PID:7676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23831.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43240.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        5⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37252.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17322.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4895.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36562.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
      4⤵
      PID:7860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21232.exe
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
      4⤵
      PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
      4⤵
      PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
      4⤵
      PID:8756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
    3⤵
    PID:4568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
    3⤵
    PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
    3⤵
    PID:6168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
    3⤵
    PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50159.exe
    3⤵
    PID:7704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        5⤵
        
        PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49697.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6603.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
      4⤵
      PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      4⤵
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
      4⤵
      PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
      4⤵
      PID:7468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
    3⤵
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32004.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
      4⤵
      PID:7376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
    3⤵
    PID:3568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 188
      4⤵
      Program crash
      PID:4688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
    3⤵
    PID:6372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
    3⤵
    PID:8168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        5⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
      4⤵
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      4⤵
      PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25973.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
      4⤵
      PID:8120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23628.exe
    3⤵
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
      4⤵
      PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
      4⤵
      PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52983.exe
      4⤵
      PID:7724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
    3⤵
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
      4⤵
      PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
      4⤵
      PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
    3⤵
    PID:3132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
    3⤵
    PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
    3⤵
    PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
    3⤵
    PID:7960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
    3⤵
    PID:8780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
    3⤵
    PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
    3⤵
    PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
    3⤵
    PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48734.exe
    3⤵
    PID:7400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
    3⤵
    PID:8228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
  2⤵
  PID:3160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
  2⤵
  PID:5532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
  2⤵
  PID:6356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
  2⤵
  PID:6408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe

Filesize
468KB

MD5
c53ed666f4f61dcb5e2669fa94162369

SHA1
085e4d7ad114189dd720113504ab81ec857ed98e

SHA256
664a47a467c1c5e1f4ac4f15ad06a718144e1e69d1be3a90a34d3c5d9a92ac5f

SHA512
8651fb5e651c20df69b7b7b4cee59dba4ed7dda545cdc1646be897bab30ab66050e05192ead3828d6035a701e80dabea2cbc2a2bbff1a253695cc5d66d9d1eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe

Filesize
468KB

MD5
16e45b3f7fbbc17660583b6e8286cac4

SHA1
0133ed4da1a4044d088864dadb1e7b18da6b80bf

SHA256
110cb28974c9e022d7fb24f9a3260d8090bf65e20a48834787303ff27f34b830

SHA512
b916b803aebd7308ad32ae778077fa67922c4d4d69040c76e53b047d0d084f4a57cccd62dcfbcbfd8221c456bf234cd050493acf309e5235a075d7d26583eec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe

Filesize
468KB

MD5
2bd67f3099726294a825dce21b427ac6

SHA1
1af2db6124e7863c71f1a15fad6b5c771a080eb7

SHA256
ab5a9313b34b1b4ebdb94f29c7d0ab18070613c9bd83468290db219113ac13a8

SHA512
125f21663da4c4dc9caa44ca8c83fca6d40f655558b23e220fb6ec403ff9b02258e523cd8455e6e4abcf2b9e41135f38eee4cfd95f3db9fd76372d35930251e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe

Filesize
468KB

MD5
9d7598f5775ba4c0bfc24398a5b34d0e

SHA1
d686582c82a2d58dcb3cdbc13f15e1f65c536ff1

SHA256
2d2681862d2dc2efe166dc1e4445e1fe067ca09cd290b8b37f311f7de5cf6687

SHA512
4fd6c657e26c4cdc20cbe889f323297fa354664d6ff1e571bbeb4654d01b18606bfab55d292439ea89f1dc4c8d1de22c51fb21d73474d11259606b196baf4243

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe

Filesize
468KB

MD5
339a7e2df8a3abaafe6d50fefce11a9f

SHA1
200bc10eb8d3f7e8245eac8626c49c33cb060f27

SHA256
96e2a261eaa79d6c459da9661f4315c1c2bed90b54f8ce8f5a1380aa82a5195d

SHA512
e7f302dde0128f6ea3f8829e4d4aa1f80e3b9e39fd33808af13a51c0cc7aa23c8e513d1e4fe0405b833c48a699c5bb4c6baa7bb5ecf6c35f4d4096eade39fca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe

Filesize
468KB

MD5
5236127e7b1d4996ac0eb6f78c9abe9b

SHA1
6fc95f9ff014c401be4c2f60d66a4c8fcaa735e2

SHA256
fe29ffe9c1ae110040e424fcd5d91a974cc8ef255456c2ab7d88b07b72824c57

SHA512
15b67b162fd0eff4a536c0d85fed1aaa273b82f475b02ed512402c45c35063983de22971df63eca2aa07d2f7ff7c5ce882b4c055da540d8448964ecc2545b134

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe

Filesize
468KB

MD5
94c1fa4d8c7c85481460d18a865e4685

SHA1
fed19a2ef975092744af609e3fc5cbea8da1cbfe

SHA256
d1ed20f26a40c8e67cc98f3053348c4b3f8324188b3f772e9c1953ffda9841e2

SHA512
fd2350336380b0651c0ee5d64b022bc810a3a71bb0faff08ea241982df3d3f6815d1d3511e8b9da6bf2e864a6d265ab5d19ad3f5e5200237241c35dca78b86f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43048.exe

Filesize
468KB

MD5
747ab3caa9baacb8ab8010ac02ad7bd3

SHA1
41c980fb4306661cc280002b7b00cdf3c337838c

SHA256
5ee7d42160acd37898fb68b000e0763198991fb93dcd36379f8aee4a3d46e57d

SHA512
21c2c6cf6b97f6ff1f897738ab31e867fa3150b0cce40e2c13da6808fe22ed3e0b9f03bfc46cbf0dd892fb7af541e335d9c60b3bd408506075dc17881a7d0c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe

Filesize
468KB

MD5
9a7977466db8e0be29ea621b37446be3

SHA1
76a8e59a15081b8f1374a0b2127aecb1c9e5f132

SHA256
f9504b6e7c4f07e155166ade35bca1f4705987c02de02049186e2226a3067455

SHA512
ace18cd3629e480d03b997de58637d3cb5ff5c236bbea5cbd7dbb32a3bb3e91a9ae8940d0fe2bbd542f01243ae6d57954c855864b1be1041c3e7be7ffe2a88ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe

Filesize
468KB

MD5
4f0f63984d4a61144a6f02d43b0a9372

SHA1
bac545ba96011f2b15c3caf2e164d0e4d706ce9f

SHA256
5827069d4c3e3e0446d923be9a11c49c737695448a8921de167df8454efe3b66

SHA512
93fe4ae8de4a4acd32324dc2b98350a2b2036a909dc83c020f21fae6f4706eaee686c871e5c515fd60dd4793d3119ab2948abdf4aa5c92c072cee45fe52d5e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe

Filesize
468KB

MD5
90a5212feb191c178b1e496d5936c788

SHA1
3d4b08b68a154895d7d33e1e39512f4f79b79bd9

SHA256
7ea78fde270e21bac95c21c208f2b4fedd78b4b0732ffeaa9c5b52c17e8539d9

SHA512
aecbfb58cf9caaae32608bb066aad4365db7f4f54763c1f5e83868a510ea2a8a8863f9aa99250eab1aef5871353de6c9468f6f26188928d28d59d28c4d9c03a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe

Filesize
468KB

MD5
2de1d86eb3115aa4fc4eb6f61665a462

SHA1
3a56c08eb31441c7aec50cef0441d418a1b8587d

SHA256
10c9b78dde9b002eb5bc57fe208299601dad34c28e9a61ef6db0cdf2fb95b14b

SHA512
6b6e10a7e2e0cb05b87dfead021a7011c9a8070abdcbaee74d355abdadc402245c30a3387fd004cf0fd95ddbc7307d4acfae0315cd8e6b8a3cf63f63bd62359c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe

Filesize
468KB

MD5
c2c0fb2718960a585bcd4f800674048b

SHA1
678a1963749ca3a6c483245a11c32b8973a30b80

SHA256
1af1fa8eea032ad5fe58eebc55bd1ba9adc2c56723d0a4fcfa437c0dba18bf2d

SHA512
42ebeb1b885c4d63889ae62a68ef4a50cabad6c83e1d4d5f6433647e63c3f0773feff31093eafcd8ca11f7657a3353ac9bb4135835ca74992fd39e1766fdc258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe

Filesize
468KB

MD5
490992970d3aabd1370c4d7225709f2b

SHA1
0de7ba68465eb6faaafed0b72386ea1e3faae3af

SHA256
a57575b74c60503dac2f516cc4487f4248de2410fd1951bc6a7bae9d65d43bbd

SHA512
7b9971603d5a3333ce89dd214a8aafd6ede9f627bf435914d594010d6c1c6c3a47661fba007ee188ff7f34a05d09e667145cca405e08fc8950f78bd3d4ced0e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe

Filesize
468KB

MD5
809b95e0a78c3755234722faaf89634c

SHA1
1eeedff5c55c9e54192706eda6e587420eb2cec2

SHA256
88bbdd89d7b35b3916157e6650b6027a14ea7a0c28a0c46035fff9e9918da07e

SHA512
e3ac9a8db3763ca8bf57898bb92dac7c05ecf8c1d12ecd1823ec1aa909d4cd372b6c6674239e3a7ce9e595566982c73c194860af2653b905dc257b0f63cfccf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe

Filesize
468KB

MD5
f9d1122ae8b70c4ad049fb4d31978686

SHA1
31ae986803710dba1dad6a1212bd92a604816ee7

SHA256
e99ec1755d044c74e92d9505ad54b819323e37b89bb19b54fe567132cf651a74

SHA512
7ab073fd80d1ff877b4470ccb77074f7a82798a1d5f626e36b1d445f1460ad4444c363f87e579a18da67d09eb03d96b0de7b2984b8e9597210286f6a2e6fdb91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe

Filesize
468KB

MD5
32d9c3053d6ccbc100daaa4445623bf8

SHA1
4e69bb88f85af257734ff516f9e781541b8504ed

SHA256
21d56aa2bcdc8cf82545ed4cc75d4a3cc2f37aa35425741f079bf98391f6fdc8

SHA512
feaa5c14c57fa16735fef4d0a1ec06f4639d5e8d1f4ee3ca1ef46095ee6ed27e245dbacf391cf7c4d8266c0e869d41e5e9f10688b76254e55a993ae371309690

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe

Filesize
468KB

MD5
084360703ce114a7eef6243a74feaf52

SHA1
666704e8706c70b1152f99b6937631177bc8feb6

SHA256
134e17a69086ffede5283b4f2f538581b2a0dad51da942251fc63918704adf48

SHA512
2202a6d1139abbcade71e23446f75c6ac9b27104107ba3e6888bf29aaa95438fb2ec369ffc6a652514753984bbfc25212e0d839a31578e57d105c34f57eaf898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe

Filesize
468KB

MD5
4b33183cdafb344bb9f668a9fe2704a1

SHA1
155bbfa832a3a16acf7f68afc9bd350df1f9c0c7

SHA256
fcb49bfe9c82e1fbeb9a6722fdddd00af1f41f9e2a81cd1a8023f7aeb6aa093c

SHA512
5a4b0ed6d1586b92e85d9ff6ec0ced8ff6bccc2a66ae1a2f4dd61b89e75f80a8f0cafdc4c8e4da708ebc67335938a49b034d8eede0fb2a250b5f7c06e9532875

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe

Filesize
468KB

MD5
e3ed2a10d232a1d42f32d168af1bacd6

SHA1
17172f09d62712bfb83c5b213ee799a648fb4c76

SHA256
4536f396bb9adbe022ef5605f8cbf8a955037c282d709bc179800d671a7ece87

SHA512
69cf9306133bd3eaf8cd2fc9bee03033ccc48fdfe12f790ff1785f016ac3e663c12aec2ee2ae83cec271fb4824b95b83a6509f63539cfb5a1465b2ff2f8bb1f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe

Filesize
468KB

MD5
bc1d9f7f8dda357bba87b8e38bc1fe74

SHA1
b5fec5de77b17d1b9cd2da6f140e33fe90d8f98f

SHA256
64740ca641aa6a650cc7e40a64c10f0f8c359380049bac1287a2a4d43f96884c

SHA512
647e43670f1f5d811590335883d660ce641ebffe3f4958275eac412c47e83c14621568c62f3c4f8b9702e93427376fbf01c435d6d71b069f5e22553f249493a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe

Filesize
468KB

MD5
47d47e586cd0a0e6a38381c2399ef4be

SHA1
6c2d6c2ae9742d390ea8e9435131f6cd08efe787

SHA256
2639146ea11685168b748cd9a2520e4e4af0de03fbc384006a982af982908a94

SHA512
182530314e168a87b3a429c018f8e0e136609147be102e161f7ce18eec03b5c39753a4dbc8144af82fc4b097bb74f68e98426435cc7460000cf2f3c184d49b66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe

Filesize
468KB

MD5
9ecf225ec09d1c39ace4d181d5f8d7c7

SHA1
86e654b7f3117b8f7e208bbf29da75a4eedc8c78

SHA256
84224e73ce134992b5411e11b2b93502cd93369ec8c0d878073bcb3e6b15e134

SHA512
294aaa53a70104345885ce8ec483d004967ba6f67f7131db606bbeb1589f7418bc30f560cd5a73877611c278e44f85c8c86b89659ea2d27a26438352cf8b9279

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe

Filesize
468KB

MD5
c6179a00bc8e00523b7af2385668fa07

SHA1
2f9fcc3142db334996b8798cd845c14e09db939c

SHA256
29e565dc9a9b615fe24694db0b6c2e92990c055b2f5744dcb60aa303bc594876

SHA512
bd0351ef7cb0a2349bd44195a3a4fe2a2e95619adc4c08952276a914d3feea051260ec5a5137b5dcd47df2d946f1b647d9b297578070986a9e3922a66efa5d1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe

Filesize
468KB

MD5
be63deb1eaddb24db515f33ee4d781d1

SHA1
3c3eda73249d51895d9262e748bcd558bc812af2

SHA256
e42d64811885d362bcbdfb02fc112334ef11f2cdb2750aaeacf26fec5fa112b1

SHA512
ab986f26dbacc48771ebf0d8d505abb8e921bcebb24f1328f92eb5ed3393df3e99f66668627c1fb670dd2e9c5d9e72efa4bcaaed5dbc2f496489fbc5c6f83b5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe

Filesize
468KB

MD5
d6a30daff878dc8b77cf4580cf9b85f7

SHA1
5dbbefb4622c1aa94660a33c452ad16227d9ec9a

SHA256
2c071f7be5e1de12837f61e2d94b98fcfee3afb0cc5f4169f5151b3d0d7cce9f

SHA512
587cb90be9133fa43357d3c5487fa275b453c84f4acd5a8dcb65a7cbbcfa6c2a761152565293b231a6c510ef3968366a5d1793d317339ee8b26bfe47e0b36356

Download Submit