c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe
Size

468KB
MD5

69c2c8c39f899a03d981dcb14ff5387a
SHA1

b35400673b31839c8d6a5e3587e1bce39bef68f5
SHA256

c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d
SHA512

295ec87d5d31e0c674da2d3782a55476de80658b7cd2a5910186569f8ca23a84aee6bfc918273c09d95ce7b5e1d7328f82e66ffe4387c7f9f7a6540035105230
SSDEEP

3072:NUQzow1GD0lYtbyfPz9jNfTsDng54bpin1HCOVmZooHI4MSN4/lQ:NUgodQYtuPZjNf4lF7ooohSN4

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3088	Unicorn-60920.exe
1464	Unicorn-60936.exe
4396	Unicorn-56338.exe
4132	Unicorn-64408.exe
1516	Unicorn-46427.exe
4892	Unicorn-26561.exe
4360	Unicorn-24152.exe
4676	Unicorn-52600.exe
1648	Unicorn-19736.exe
1944	Unicorn-19736.exe
916	Unicorn-14753.exe
1832	Unicorn-1489.exe
4720	Unicorn-47426.exe
3692	Unicorn-61161.exe
540	Unicorn-29662.exe
4412	Unicorn-50296.exe
4432	Unicorn-62034.exe
1776	Unicorn-61650.exe
4932	Unicorn-15979.exe
1128	Unicorn-55688.exe
4712	Unicorn-21563.exe
952	Unicorn-55304.exe
1512	Unicorn-64441.exe
5012	Unicorn-47609.exe
4312	Unicorn-56274.exe
3912	Unicorn-36673.exe
3668	Unicorn-50409.exe
2588	Unicorn-15803.exe
2896	Unicorn-26200.exe
1744	Unicorn-64162.exe
3084	Unicorn-44936.exe
3292	Unicorn-44936.exe
1920	Unicorn-37353.exe
2188	Unicorn-23617.exe
1244	Unicorn-27339.exe
1620	Unicorn-47240.exe
728	Unicorn-40726.exe
5100	Unicorn-10846.exe
4784	Unicorn-15034.exe
2300	Unicorn-64043.exe
3448	Unicorn-48392.exe
3264	Unicorn-48392.exe
2044	Unicorn-63659.exe
2536	Unicorn-32248.exe
3036	Unicorn-43409.exe
448	Unicorn-63275.exe
2084	Unicorn-63010.exe
1828	Unicorn-13882.exe
1260	Unicorn-53954.exe
1124	Unicorn-26689.exe
2456	Unicorn-58022.exe
5080	Unicorn-21480.exe
4572	Unicorn-36690.exe
1488	Unicorn-20811.exe
1468	Unicorn-54552.exe
2028	Unicorn-33041.exe
3328	Unicorn-37375.exe
4108	Unicorn-62537.exe
116	Unicorn-22347.exe
2428	Unicorn-33045.exe
4556	Unicorn-41785.exe
2732	Unicorn-50219.exe
4200	Unicorn-33800.exe
4828	Unicorn-32731.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6340	1972	WerFault.exe	172

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65337.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6384	dwm.exe
Token: SeChangeNotifyPrivilege	6384	dwm.exe
Token: 33	6384	dwm.exe
Token: SeIncBasePriorityPrivilege	6384	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe
3088	Unicorn-60920.exe
1464	Unicorn-60936.exe
4396	Unicorn-56338.exe
1516	Unicorn-46427.exe
4132	Unicorn-64408.exe
4892	Unicorn-26561.exe
4360	Unicorn-24152.exe
4676	Unicorn-52600.exe
1944	Unicorn-19736.exe
916	Unicorn-14753.exe
1648	Unicorn-19736.exe
4720	Unicorn-47426.exe
3692	Unicorn-61161.exe
1832	Unicorn-1489.exe
540	Unicorn-29662.exe
4412	Unicorn-50296.exe
1776	Unicorn-61650.exe
4932	Unicorn-15979.exe
4432	Unicorn-62034.exe
952	Unicorn-55304.exe
1128	Unicorn-55688.exe
4712	Unicorn-21563.exe
3668	Unicorn-50409.exe
1512	Unicorn-64441.exe
5012	Unicorn-47609.exe
4312	Unicorn-56274.exe
3912	Unicorn-36673.exe
2896	Unicorn-26200.exe
2588	Unicorn-15803.exe
1744	Unicorn-64162.exe
3084	Unicorn-44936.exe
3292	Unicorn-44936.exe
1920	Unicorn-37353.exe
2188	Unicorn-23617.exe
1244	Unicorn-27339.exe
1620	Unicorn-47240.exe
728	Unicorn-40726.exe
5100	Unicorn-10846.exe
4784	Unicorn-15034.exe
2300	Unicorn-64043.exe
3264	Unicorn-48392.exe
2044	Unicorn-63659.exe
3448	Unicorn-48392.exe
2536	Unicorn-32248.exe
2084	Unicorn-63010.exe
3036	Unicorn-43409.exe
5080	Unicorn-21480.exe
448	Unicorn-63275.exe
1260	Unicorn-53954.exe
1124	Unicorn-26689.exe
1828	Unicorn-13882.exe
2456	Unicorn-58022.exe
4572	Unicorn-36690.exe
1488	Unicorn-20811.exe
1468	Unicorn-54552.exe
3328	Unicorn-37375.exe
2028	Unicorn-33041.exe
116	Unicorn-22347.exe
4108	Unicorn-62537.exe
2428	Unicorn-33045.exe
4556	Unicorn-41785.exe
2732	Unicorn-50219.exe
4200	Unicorn-33800.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 3088	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	89
PID 404 wrote to memory of 3088	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	89
PID 404 wrote to memory of 3088	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	89
PID 3088 wrote to memory of 1464	3088	Unicorn-60920.exe	94
PID 3088 wrote to memory of 1464	3088	Unicorn-60920.exe	94
PID 3088 wrote to memory of 1464	3088	Unicorn-60920.exe	94
PID 404 wrote to memory of 4396	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	95
PID 404 wrote to memory of 4396	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	95
PID 404 wrote to memory of 4396	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	95
PID 1464 wrote to memory of 4132	1464	Unicorn-60936.exe	98
PID 1464 wrote to memory of 4132	1464	Unicorn-60936.exe	98
PID 1464 wrote to memory of 4132	1464	Unicorn-60936.exe	98
PID 3088 wrote to memory of 4892	3088	Unicorn-60920.exe	99
PID 3088 wrote to memory of 4892	3088	Unicorn-60920.exe	99
PID 3088 wrote to memory of 4892	3088	Unicorn-60920.exe	99
PID 4396 wrote to memory of 1516	4396	Unicorn-56338.exe	100
PID 4396 wrote to memory of 1516	4396	Unicorn-56338.exe	100
PID 4396 wrote to memory of 1516	4396	Unicorn-56338.exe	100
PID 404 wrote to memory of 4360	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	101
PID 404 wrote to memory of 4360	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	101
PID 404 wrote to memory of 4360	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	101
PID 1516 wrote to memory of 4676	1516	Unicorn-46427.exe	105
PID 1516 wrote to memory of 4676	1516	Unicorn-46427.exe	105
PID 1516 wrote to memory of 4676	1516	Unicorn-46427.exe	105
PID 4360 wrote to memory of 1944	4360	Unicorn-24152.exe	107
PID 4360 wrote to memory of 1944	4360	Unicorn-24152.exe	107
PID 4360 wrote to memory of 1944	4360	Unicorn-24152.exe	107
PID 4132 wrote to memory of 1648	4132	Unicorn-64408.exe	106
PID 4132 wrote to memory of 1648	4132	Unicorn-64408.exe	106
PID 4132 wrote to memory of 1648	4132	Unicorn-64408.exe	106
PID 4396 wrote to memory of 916	4396	Unicorn-56338.exe	108
PID 4396 wrote to memory of 916	4396	Unicorn-56338.exe	108
PID 4396 wrote to memory of 916	4396	Unicorn-56338.exe	108
PID 404 wrote to memory of 1832	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	109
PID 404 wrote to memory of 1832	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	109
PID 404 wrote to memory of 1832	404	c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe	109
PID 1464 wrote to memory of 4720	1464	Unicorn-60936.exe	110
PID 1464 wrote to memory of 4720	1464	Unicorn-60936.exe	110
PID 1464 wrote to memory of 4720	1464	Unicorn-60936.exe	110
PID 3088 wrote to memory of 3692	3088	Unicorn-60920.exe	111
PID 3088 wrote to memory of 3692	3088	Unicorn-60920.exe	111
PID 3088 wrote to memory of 3692	3088	Unicorn-60920.exe	111
PID 4892 wrote to memory of 540	4892	Unicorn-26561.exe	112
PID 4892 wrote to memory of 540	4892	Unicorn-26561.exe	112
PID 4892 wrote to memory of 540	4892	Unicorn-26561.exe	112
PID 1944 wrote to memory of 4412	1944	Unicorn-19736.exe	113
PID 1944 wrote to memory of 4412	1944	Unicorn-19736.exe	113
PID 1944 wrote to memory of 4412	1944	Unicorn-19736.exe	113
PID 4360 wrote to memory of 4432	4360	Unicorn-24152.exe	114
PID 4360 wrote to memory of 4432	4360	Unicorn-24152.exe	114
PID 4360 wrote to memory of 4432	4360	Unicorn-24152.exe	114
PID 1516 wrote to memory of 1776	1516	Unicorn-46427.exe	115
PID 1516 wrote to memory of 1776	1516	Unicorn-46427.exe	115
PID 1516 wrote to memory of 1776	1516	Unicorn-46427.exe	115
PID 4676 wrote to memory of 4932	4676	Unicorn-52600.exe	116
PID 4676 wrote to memory of 4932	4676	Unicorn-52600.exe	116
PID 4676 wrote to memory of 4932	4676	Unicorn-52600.exe	116
PID 916 wrote to memory of 1128	916	Unicorn-14753.exe	117
PID 916 wrote to memory of 1128	916	Unicorn-14753.exe	117
PID 916 wrote to memory of 1128	916	Unicorn-14753.exe	117
PID 1648 wrote to memory of 4712	1648	Unicorn-19736.exe	118
PID 1648 wrote to memory of 4712	1648	Unicorn-19736.exe	118
PID 1648 wrote to memory of 4712	1648	Unicorn-19736.exe	118
PID 1832 wrote to memory of 952	1832	Unicorn-1489.exe	119

C:\Users\Admin\AppData\Local\Temp\c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe
"C:\Users\Admin\AppData\Local\Temp\c3e7dcea8258286be71c08e3b7febd3ccba8104f9a79742c29ac0e15b345dc7d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        10⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        10⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        10⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        9⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        9⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        9⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        8⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        7⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        9⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        9⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        9⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        8⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        6⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        9⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29933.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64230.exe
        7⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        6⤵
        
        PID:16328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        6⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        8⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        7⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        6⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        6⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        6⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        6⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        5⤵
        
        PID:13768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        5⤵
        
        PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        7⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        8⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        7⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54847.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        5⤵
        
        PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        5⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        7⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        6⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40097.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        6⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        5⤵
        
        PID:16320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        5⤵
        
        PID:15936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54299.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        5⤵
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
      4⤵
      PID:14664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        9⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        8⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        7⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28113.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8135.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
        5⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        6⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21745.exe
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        8⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        6⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
        5⤵
        
        PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        6⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        5⤵
        
        PID:10940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        5⤵
        
        PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
      4⤵
      PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
      4⤵
      PID:14136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        5⤵
        
        PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
      4⤵
      PID:14776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        7⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        6⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6296.exe
        5⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        5⤵
        
        PID:184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
      4⤵
      PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
      4⤵
      PID:17284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11191.exe
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        6⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        5⤵
        
        PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
        5⤵
        
        PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
      4⤵
      PID:15388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
    3⤵
    PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25141.exe
        5⤵
        
        PID:15292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22369.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
      4⤵
      PID:12764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
      4⤵
      PID:16068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
    3⤵
    PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
      4⤵
      PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
      4⤵
      PID:14464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
    3⤵
    PID:11632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
    3⤵
    PID:3148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        7⤵
        Executes dropped EXE
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        9⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        9⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        9⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        9⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29826.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        9⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        9⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        8⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        8⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28456.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        6⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        6⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39118.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        7⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        7⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34638.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        7⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        8⤵
        
        PID:16536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        8⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2501.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        7⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        7⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56376.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        7⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        6⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        5⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        5⤵
        
        PID:15428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        7⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        7⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
      4⤵
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        6⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        5⤵
        
        PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        5⤵
        
        PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
      4⤵
      PID:15432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        8⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        7⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        6⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        5⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
        5⤵
        
        PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        5⤵
        
        PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
      4⤵
      PID:14448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39310.exe
        6⤵
        
        PID:10736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        6⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        5⤵
        
        PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        5⤵
        
        PID:14648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
      4⤵
      PID:16392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36690.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49855.exe
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        5⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        6⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        5⤵
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        5⤵
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        5⤵
        
        PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
      4⤵
      PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51330.exe
      4⤵
      PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
      4⤵
      PID:16024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56123.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
      4⤵
      PID:15724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
    3⤵
    PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
    3⤵
    PID:13608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
    3⤵
    PID:16780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        6⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        6⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        5⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35720.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6199.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        7⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        6⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        7⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        6⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        6⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        6⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1066.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        5⤵
        
        PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        5⤵
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
      4⤵
      PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        5⤵
        
        PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
      4⤵
      PID:14104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40808.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        5⤵
        
        PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27429.exe
      4⤵
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        5⤵
        
        PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
      4⤵
      PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
      4⤵
      PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        5⤵
        
        PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
        5⤵
        
        PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
      4⤵
      PID:14124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
    3⤵
    PID:1972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 540
      4⤵
      Program crash
      PID:6340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
    3⤵
    PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      4⤵
      PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      4⤵
      PID:14376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
    3⤵
    PID:8400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
    3⤵
    PID:11724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
    3⤵
    PID:15368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        6⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51926.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        6⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38585.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
      4⤵
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
      4⤵
      PID:15044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
      4⤵
      PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
      4⤵
      PID:14348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
    3⤵
    PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
      4⤵
      PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
    3⤵
    PID:10416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
    3⤵
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
    3⤵
    PID:18228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
      4⤵
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
      4⤵
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
      4⤵
      PID:14948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      4⤵
      PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
      4⤵
      PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
    3⤵
    PID:9860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
    3⤵
    PID:14720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
      4⤵
      PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        5⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        5⤵
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
      4⤵
      PID:15992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
    3⤵
    PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
    3⤵
    PID:4956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
  2⤵
  PID:5488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
      4⤵
      PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
    3⤵
    PID:8084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
    3⤵
    PID:12120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
    3⤵
    PID:3792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
  2⤵
  PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
    3⤵
    PID:14904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
  2⤵
  PID:10004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
  2⤵
  PID:13448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
  2⤵
  PID:17304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1972 -ip 1972
1⤵
PID:6884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe

Filesize
468KB

MD5
45f3f89d3fba6d34f8392ecc70cc99d7

SHA1
665d691b597d0adf8135604a4c59009109817a2b

SHA256
c38f674b9cb9a0e3ec417f21614ca779c2d5e2bef13e970f40d6bdbc51d3e95b

SHA512
6f1f42f57c2ec819f3786226fbdcb944cc67297da2262362b5ae353c4f43296fa3313634b6d0e9caf0425bff48a8fd2efd7bd9b5d0a3024229c48223b7487527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe

Filesize
468KB

MD5
a0b267868c777f3012b948eafe273c36

SHA1
6994810d5a500b7e00afc0a8e7112259e10a2a5a

SHA256
efa1df8c6a00e35cc332f67a5de572ad4d9d3a3117278b572718ea7e0c6e307b

SHA512
9d69848d3b5ae79c314aa7b11e7943698a891fac5c796820f87e7defc367d615623d974f5de58cdd4af5cfc45456a43248c4c755b09257e117ded328acf04206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe

Filesize
468KB

MD5
410da3362a121fb2b4f4b31c86ddf0f2

SHA1
188d4a5c35320cfa31041e28e2c3348c338d7af1

SHA256
2487527a68a5301aa18cb4898a3e14ab4c3127c2e11b37f863c2a831df35a507

SHA512
a02fb0992361f5078914c6e0b5f9363946760606f7964a9df02b39dcd3778cca7b67ae749c15c857801fe511fec2f69007242a3f935dca4a97f2f42ba51d43b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe

Filesize
468KB

MD5
9506c7b8e288a31e9e007396ff08aea6

SHA1
bbef169eede1bfcae112ba8be1ed1fa01af3547c

SHA256
5d109fc03d582db8c2fc95857591046b46f7a7198bbf40d47bef00f95f4db509

SHA512
9d592ae04cee79d0303233ae956d87256edb7582c25d5aa5e58856d8902321b6b2a77358fe97f286afff0e61daa3acf9e75a94a151953fa0473c755bb5dab01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe

Filesize
468KB

MD5
22feda9a9512ddeb2599af1c716915c9

SHA1
d223b557ee3e463e69c0266d0bdbbae7f9298d7c

SHA256
8250ef3a9c37715eff0479ca6c031d91a4edb3ebfb076bf70d694c8620115134

SHA512
50cee63ef98165de82c1a6a1188adf01c61f6bef232b27fa86fd9e220b53035d134a42893405976779ca80b802108b8530a907b981c152dae07bc9c261affe88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe

Filesize
468KB

MD5
be63a4c0907fee7763afb19f1e363896

SHA1
ab82f5b477f8be8859c4a2876e9c6761b55804a8

SHA256
2102d8326fe93f2e88a9145b04afcffeb9bc61b5a2f679638be2e453c14efb37

SHA512
494046b1a34811c06a84efeea5111beac6468d92a085da29299259cbc72a283b15bc480a18dd6989876b2659da1971c03ca128f5fb54e06595c8deb63cb8f21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe

Filesize
468KB

MD5
3cf881724788f2000d5044f9069bbeb3

SHA1
fe45f12d213e7212f8a3b17c222a1db60e7eef98

SHA256
16082ba276ae677e248b425d3c99968339524ae87b004842f44500ca8b66cff7

SHA512
3dede354bbd76502791e4c7b46e5cff27b89f231089767ccec0536ab22b977325c21ff79681c6b99cf714b2af7e921b1cb73112d61fdb67d3b4b281b84dfa34c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe

Filesize
468KB

MD5
61cbf1d9c16c172e899075a2e0bb7f96

SHA1
399debf3d6b384d9aa393fbd928115a2bf8c133f

SHA256
b71483ad54864b8baec071a3f11a93f721d8dde5cad3e64d7230b5d2d06e5e16

SHA512
2410856cd326a5272e1e00925d904c2bb416431df1bce7b625eb347877c11e337c2935efa4ca2b5d5d2973366c1665711ef89dd8170a75dbd249bdb79c882e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe

Filesize
468KB

MD5
4c14847be9979c8b1c0214e3d784ccbb

SHA1
5a001000776093c109a6ec9061ab67b8fc49b56a

SHA256
b48c2fb8b87f33884b1dee931cda2716254939baf21210e2f507be32d63ae265

SHA512
19da001132e68c637ce2d58487fd1c55bf543885e17ec179e32ce28134c885ff2b0da7f66ccb3c7fd9eaf23196037a1d4d79acbaa8385d2cd645c817e11e5afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29662.exe

Filesize
468KB

MD5
38b6f69d67404e566762f1ba2fa96771

SHA1
c0485afee2b2f9eb6ddbabb6f5edd0aeffdc8c17

SHA256
f8c00b0c702b73127cb94e3c4384396e52e5d5d4f4dbce22b7aaebfe2d9598a3

SHA512
b47120678b82e9ca541cbb60ed0d3d5709915e3af1156e8d1953de00a576184ababdd9b252bc8974fac69351beaf7d1561d37537930eaec50ebf028ff91ac521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe

Filesize
468KB

MD5
0d4f548a47de0784abf47a2cff4e3895

SHA1
01b0f254aa9b9847624a8d0c5a2c1dea6612ef0d

SHA256
03cf83ee65033808f5b977d6992970ec2d25cc7c5191c3aaebdb855a435b11cc

SHA512
f70cc4d2b97832f847308f3966517dc17773e2f8a648ff926d20f7012b9b9f221bcfbcf456dd541b6ce12e65e220229b04c635b3cd94e22e7be47216a2a7c16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe

Filesize
468KB

MD5
5e4a38cf3833b17a7eb469c0d6fc4997

SHA1
c5558a7ba67101e8ee93ff98a7f95999aaf93fd0

SHA256
cdd4444b2fe51b7f242eac8f70b24dd50af8a4606716167b85ca4fabd67a85ab

SHA512
dfd916f2d92cd1b7ee506b622f52f4bd1ac477d3975b17ca759f99483bc7a5b7c51bc869e0dfe0a24d71375149ed94ad6a8b34da67b4d963234522bdc0f562d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe

Filesize
468KB

MD5
2e5ba4d08b63e06af23c6bb231922f0c

SHA1
eb15bc0ff9df825deb54d4e7b110719dbcfbad22

SHA256
840ee5739abfd0a17622ecc9e9c426532ca9ea32588d704c302e39c8c8bd53a5

SHA512
12b106a71a66261413b44b12fcba584bb3eb0e72acfb487e45377c08267a6a1aa2472b9de2bf508e5c8226df4f673301ca35925d5538942f695d8e53842b6296

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe

Filesize
468KB

MD5
cfff7acc5fdc9d99929adc08840e0378

SHA1
c215f775071082b1a90f101ac0963120a20fcefb

SHA256
8b39d1fb54e8002371744c995d48910d8421056c6ff044cec2b345a5e8719fe7

SHA512
0f329adcf7e9d4325e255de8699b4f6d3bfcd0420ccc316d65439a47380611440a2d31a7f52e5dc751e549e0675c489064e63ad7a8531e5b0b129738f7bfd490

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe

Filesize
468KB

MD5
d2b4f1a8ce0c6ef67643d26756f3b8a5

SHA1
e0424a9af72ab415f639445695ed472b3fe3e837

SHA256
4966a210302ba5d39bd5ddca0e49c79b4e1bb86c9eef3c4b7126b823e6d53256

SHA512
f2a172d2a77a65551fb6c5cbe53f459a92ceeeb100809b03cb7d820efeb5cf5889032ded2d0b15929752ba322263136502ee6260f4fb60ee987b188d6161cd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe

Filesize
468KB

MD5
82af850456e66a0c108d050aaac0769e

SHA1
b4ea369c1f126a2872cf7aef70fd280e08d86820

SHA256
5d5cd754680cace88c632b61e70b29125b1204cb64b54fbf624eccbdfddce902

SHA512
225bee751845aaff0eb049a10965d071930fb4df12f226081ff8fdbf823f73722a8dd3973aecb0130f3584e5ef67aebc4f8bac784fe3b2a2619d6a4b94d203bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe

Filesize
468KB

MD5
37e72da3413e60c9e5c7923ab5b8ee54

SHA1
8e7555ba92f5b80f9b24e3b14c90f5d825be1e6c

SHA256
fa913f3263f72bbc49208972772333c7456f19b30302fb9f89b4b220593d1661

SHA512
83e5f2e2a3650d43603bdf1fe8dc875d62d49e60554cd05b5d07087ecf8b3e0538425ea9a87e8c765855bb1a189b74db247eff9aa2e98b4ea9e41455ccda5d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe

Filesize
468KB

MD5
ac38b273b9d163fd1e28d399d6308c87

SHA1
8c9007c6c67a420b76fc5a26d0d6632a2007e63b

SHA256
dcb152cc623c3a4abb6267e587849e86173dc450d423d42b939b672d62465674

SHA512
14c1b02b512fd7740202168e34ff2788cbd275f675355b7d85644cb3135fe8af8c801975f3126e9bb082a53ab34b138bed558a1737b32dd4e8f02c451aa31d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe

Filesize
468KB

MD5
2aba11ca519c875f279794fdfdb3a640

SHA1
232de036d442a37b7f5108ffff8f76072f6e5747

SHA256
981f43fa33b42f71f47b6522c3a5e60e1d8d8f0d87c5a8daec690a8532899caf

SHA512
2c79549a8b03741ee89f569db1cc221096603809f8cf06eddaa8d5cdfe906b9aa56c7f06f5114a3350001265094134a95460e7fab270be9d678265d459694996

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe

Filesize
468KB

MD5
136f3507a1fb004ac7760d832ec44731

SHA1
aa6bb1d83e446fc3d3fe96ad346d0478f76ee85d

SHA256
b8149eaffbe147f8f976fdcdeb2689e74d9c9372c37393116787a7fe518b646e

SHA512
1e0df8599d01758f4b8fe04179ad92ff7ac396b5d353531287a7b0d5c5f4bc66dde94331ccb157edfd1b64ff160c7ec9863fc5b483e38108e46e1399b5571f86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe

Filesize
468KB

MD5
2480c042723ec25530f88474feb5a01a

SHA1
cb464212d7574baaffc8af7c62a569bc555c7db3

SHA256
3efbdf9e0b57a195a4c965fbcce9274354923549d6932ff20fa7c6aaa7c21ac0

SHA512
dcaf3c18cf69708d4e456a7a985db49ac480f5c9936fe6c7024f2ce30510961241393e1e71b226b84a4c9c03a74c847ffbfa7f82a2e6e955fbcbb09bc781d0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe

Filesize
468KB

MD5
9551137736a6bf3dfe4af460990a5db1

SHA1
0d3032fda13f113d2938d32cb74020ceb7051b81

SHA256
b178258d2664fa448d0ada57a8fa1ce952535569b4c5fa054c2b84feae47ad7e

SHA512
c79e2f689fde4b46444914d2b24698a218d50645d72400c21f111a6fd760b0200b7bde40b20078a89f7d6b376689e443b1087ca9569323457d153e25d3daba24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe

Filesize
468KB

MD5
0d6a342a46f555ce5f02dbdb67505159

SHA1
3c87633addd221045328b09c4093acfd2c778fd0

SHA256
d4e3f9e08cf146ef167a1690cdf09f51367556740a8916216398ea00df14bc63

SHA512
f38009986636f0430161d008193f96a52fec8cff378d650b0136d498ee87921a5d11380e2ea38c160d1eaf0bdbaafb80accd9a3e6ae3ab8124eaef4941dd2105

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe

Filesize
468KB

MD5
b0f2faaf1de849a6fba71db69269e0cd

SHA1
1b5764f623598419fba669a145d5690bc84b8fb3

SHA256
082e2fd5357db0cc399551162147ced909d4158067ee7c83d6780d1c0de4fdb4

SHA512
4cd3815d4c233ecd46f5a25510f1eec8ab5fc4976b5512929c5d42a73810269bec0d42d60c3b361fc14bcdc9611a8ff458054eabf11e165a9eecaded2bcdde19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe

Filesize
468KB

MD5
5b85e1ccddee0b7af613303a06d2b8a4

SHA1
42674b1cde4d622c8518b5742ad4904940d4cb50

SHA256
f2bac0008a82cb9a9503ec8a181a04654f8ebd842deb8fee5f70cbd8a1c84803

SHA512
fc729c8e0e79f76466230e0d5638b0f553e5516530fe89d2dfe0284468c1e3139e8916ce54f6cc5447ed864cb1dec5d813757c157405e09d20244a7180c5cc3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe

Filesize
468KB

MD5
904a0e06c9b8187d46286547f935084e

SHA1
64b131063e70ed9a3dfa77c7c0825c9fe33a1e43

SHA256
d6e6c3d1d5ffa0087df906c7b857bbbe7c2343a5872bcd88c244ca9554b575c0

SHA512
486b3970051a0f66d47a16ccf3edafbb228a378d4622af6d8b47e30d43960b83c8bfa29d86e431dd0d867c5a407118aaa9255224ffd31124f4ce26b63ac6227c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe

Filesize
468KB

MD5
bc7759352d5ad0c4ad8c83869af16a02

SHA1
79fb897b2694b1ddbad016f13f13a32e77710a39

SHA256
6d7722530cca9c1d80e982c04463ec1260dd3a709942fb08d69c950cdd2c0d41

SHA512
f53c47681aaf1081b6d51974fe8bf03bfd97e6270fe98aae7bfe1b9b116f4356c58fa7dc6eba379bccf9270735a6a58c30218a43faa3256a231691c3e35c31c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64162.exe

Filesize
468KB

MD5
ade18025bfde8994309e146075515015

SHA1
30e1a333fa7df237eff3d1e6bf4e6397ea45be61

SHA256
e1d8c16f2ca7d89dfcc87c0b7f4440c7ef872e0f1904779261ff0e9de20d46b2

SHA512
a462c4cb1b13bd1617506a028a7ac04d40fa1c2dad900754e54bb4d73ed4e6257277e6ce7382dd5237a4acf9f560314e8d3cc522e9564a0f8c1976a9c2b2811b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe

Filesize
468KB

MD5
df91097887a9de4a0c1c89a8d8d1bbf1

SHA1
2d17236147ed6763d237e285761f8156b45709ec

SHA256
510dcfbe4758eb118fb7e3535254469cd80853a1678588aa62ebc07a767ec54a

SHA512
295269517ac9ad9b51d413306827520ac5813722a282a0fc7c70d63592e0c4052917d5dc2685866aa21c3a3f045b465ebf7e964ed39c82f370e6e1d7ec85a1db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe

Filesize
468KB

MD5
ae33e3cd173936461b55891fc098a56d

SHA1
4c43555934f686d3969f7a7dcdb7ad3d6621d1e8

SHA256
9d18b5ee79e5f58654469a3cf7105bacd488072a2628782eb2e7ec33512cc81d

SHA512
88eea9dc5d74b25b94b8ce8bc4efe5aeac2720192915c4edb7c285f6fc021ce12f648b84d7be4e87733ebdaf5ebb8ed7055c10bcbda885ddb90e2134c7865396

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe

Filesize
468KB

MD5
3ceeb1d6d192c9056c9db82cb25c848a

SHA1
828eb2a2978b9ac6d80b1b7d6e0d69f51ae8d9bc

SHA256
d17f89d0698c9c2d59570b5ac9f78f1b667c172f16bdac40e0a56da01aa8c9e3

SHA512
e5be5eca241c6ddd13a9a09334c13874a9f933449be7ebd5c0aa8c0dbd54e2fa13b9b3c464602e16232529279e03639aa9108174b13358f21a4059f1c7dee45c

Download Submit