db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7

Analysis

max time kernel
118s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
Size

196KB
MD5

1bf4730c46c40cbc54380bf453422c2a
SHA1

fab7ae39d762aa1b6194790a31a3b10078e008fb
SHA256

db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7
SHA512

d333d71e41d8902c404fe774cde131431e56f5a0af127fc4d84c10563cb8f3002e973c6ea120471f28a28c1c0a3fe3a9e6b2745f1794989d1679e6ffc5239703
SSDEEP

3072:L0iyo0oFvmAEKNAbd/yho8N4ino6weoVemE0xL+vyA6lPvpFHV:L0TonLEK+daho8PIr86lPvpF1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
1852	Unicorn-56176.exe
2892	Unicorn-23119.exe
264	Unicorn-42985.exe
2832	Unicorn-33914.exe
1204	Unicorn-14048.exe
2628	Unicorn-29830.exe
2612	Unicorn-24843.exe
2440	Unicorn-34080.exe
2772	Unicorn-34080.exe
1872	Unicorn-10130.exe
1484	Unicorn-14214.exe
1448	Unicorn-33333.exe
2984	Unicorn-9383.exe
1744	Unicorn-468.exe
1032	Unicorn-46140.exe
2044	Unicorn-57837.exe
3036	Unicorn-61921.exe
1848	Unicorn-42055.exe
1096	Unicorn-53753.exe
1692	Unicorn-28346.exe
1828	Unicorn-4396.exe
896	Unicorn-24262.exe
2152	Unicorn-17438.exe
2112	Unicorn-17438.exe
1008	Unicorn-54941.exe
2140	Unicorn-909.exe
556	Unicorn-38412.exe
1952	Unicorn-42496.exe
1528	Unicorn-58278.exe
2052	Unicorn-62362.exe
2748	Unicorn-21425.exe
2552	Unicorn-41291.exe
2904	Unicorn-13257.exe
2736	Unicorn-33123.exe
2864	Unicorn-33123.exe
2764	Unicorn-28847.exe
2872	Unicorn-813.exe
1648	Unicorn-16595.exe
2968	Unicorn-10050.exe
2952	Unicorn-53351.exe
1964	Unicorn-40907.exe
264	Unicorn-34362.exe
2892	Unicorn-50144.exe
1868	Unicorn-46060.exe
3044	Unicorn-41976.exe
3028	Unicorn-621.exe
1992	Unicorn-22110.exe
2084	Unicorn-40580.exe

Loads dropped DLL 64 IoCs

pid	Process
2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
1852	Unicorn-56176.exe
1852	Unicorn-56176.exe
264	Unicorn-42985.exe
264	Unicorn-42985.exe
1852	Unicorn-56176.exe
1852	Unicorn-56176.exe
2892	Unicorn-23119.exe
2892	Unicorn-23119.exe
1204	Unicorn-14048.exe
1204	Unicorn-14048.exe
2832	Unicorn-33914.exe
2628	Unicorn-29830.exe
2832	Unicorn-33914.exe
2628	Unicorn-29830.exe
2892	Unicorn-23119.exe
2892	Unicorn-23119.exe
264	Unicorn-42985.exe
264	Unicorn-42985.exe
2612	Unicorn-24843.exe
2612	Unicorn-24843.exe
1204	Unicorn-14048.exe
1204	Unicorn-14048.exe
2832	Unicorn-33914.exe
2440	Unicorn-34080.exe
2772	Unicorn-34080.exe
2832	Unicorn-33914.exe
2440	Unicorn-34080.exe
2772	Unicorn-34080.exe
1484	Unicorn-14214.exe
2628	Unicorn-29830.exe
1484	Unicorn-14214.exe
2628	Unicorn-29830.exe
1872	Unicorn-10130.exe
1872	Unicorn-10130.exe
1448	Unicorn-33333.exe
1448	Unicorn-33333.exe
2612	Unicorn-24843.exe
2612	Unicorn-24843.exe
2984	Unicorn-9383.exe
2984	Unicorn-9383.exe
2044	Unicorn-57837.exe
1744	Unicorn-468.exe
2044	Unicorn-57837.exe
1744	Unicorn-468.exe
1484	Unicorn-14214.exe
1484	Unicorn-14214.exe
1096	Unicorn-53753.exe
1096	Unicorn-53753.exe
2772	Unicorn-34080.exe
1872	Unicorn-10130.exe
1872	Unicorn-10130.exe
2772	Unicorn-34080.exe
1848	Unicorn-42055.exe
1848	Unicorn-42055.exe
1032	Unicorn-46140.exe
1032	Unicorn-46140.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
688	3036	WerFault.exe	46
2820	2052	WerFault.exe	61
2028	832	WerFault.exe	168
3308	3656	WerFault.exe	318
3704	2856	WerFault.exe	437
1648	2808	WerFault.exe	441
3316	1728	WerFault.exe	555
2648	956	WerFault.exe	533
1420	1700	WerFault.exe	595
2988	2804	WerFault.exe	780
2848	2072	WerFault.exe	883

System Location Discovery: System Language Discovery 1 TTPs 49 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40907.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
1852	Unicorn-56176.exe
264	Unicorn-42985.exe
2892	Unicorn-23119.exe
1204	Unicorn-14048.exe
2832	Unicorn-33914.exe
2628	Unicorn-29830.exe
2612	Unicorn-24843.exe
2440	Unicorn-34080.exe
1872	Unicorn-10130.exe
2772	Unicorn-34080.exe
1484	Unicorn-14214.exe
1448	Unicorn-33333.exe
2984	Unicorn-9383.exe
1744	Unicorn-468.exe
2044	Unicorn-57837.exe
3036	Unicorn-61921.exe
1032	Unicorn-46140.exe
1848	Unicorn-42055.exe
1096	Unicorn-53753.exe
1692	Unicorn-28346.exe
896	Unicorn-24262.exe
1828	Unicorn-4396.exe
2152	Unicorn-17438.exe
2112	Unicorn-17438.exe
1008	Unicorn-54941.exe
2140	Unicorn-909.exe
556	Unicorn-38412.exe
1952	Unicorn-42496.exe
1528	Unicorn-58278.exe
2052	Unicorn-62362.exe
2748	Unicorn-21425.exe
2552	Unicorn-41291.exe
2904	Unicorn-13257.exe
2736	Unicorn-33123.exe
2864	Unicorn-33123.exe
2764	Unicorn-28847.exe
2872	Unicorn-813.exe
1648	Unicorn-16595.exe
2968	Unicorn-10050.exe
2952	Unicorn-53351.exe
1964	Unicorn-40907.exe
2892	Unicorn-50144.exe
264	Unicorn-34362.exe
1868	Unicorn-46060.exe
3044	Unicorn-41976.exe
1992	Unicorn-22110.exe
3028	Unicorn-621.exe
2084	Unicorn-40580.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 1852	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	30
PID 2552 wrote to memory of 1852	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	30
PID 2552 wrote to memory of 1852	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	30
PID 2552 wrote to memory of 1852	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	30
PID 2552 wrote to memory of 2892	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	32
PID 2552 wrote to memory of 2892	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	32
PID 2552 wrote to memory of 2892	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	32
PID 2552 wrote to memory of 2892	2552	db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe	32
PID 1852 wrote to memory of 264	1852	Unicorn-56176.exe	33
PID 1852 wrote to memory of 264	1852	Unicorn-56176.exe	33
PID 1852 wrote to memory of 264	1852	Unicorn-56176.exe	33
PID 1852 wrote to memory of 264	1852	Unicorn-56176.exe	33
PID 264 wrote to memory of 2832	264	Unicorn-42985.exe	176
PID 264 wrote to memory of 2832	264	Unicorn-42985.exe	176
PID 264 wrote to memory of 2832	264	Unicorn-42985.exe	176
PID 264 wrote to memory of 2832	264	Unicorn-42985.exe	176
PID 1852 wrote to memory of 1204	1852	Unicorn-56176.exe	35
PID 1852 wrote to memory of 1204	1852	Unicorn-56176.exe	35
PID 1852 wrote to memory of 1204	1852	Unicorn-56176.exe	35
PID 1852 wrote to memory of 1204	1852	Unicorn-56176.exe	35
PID 2892 wrote to memory of 2628	2892	Unicorn-23119.exe	226
PID 2892 wrote to memory of 2628	2892	Unicorn-23119.exe	226
PID 2892 wrote to memory of 2628	2892	Unicorn-23119.exe	226
PID 2892 wrote to memory of 2628	2892	Unicorn-23119.exe	226
PID 1204 wrote to memory of 2612	1204	Unicorn-14048.exe	120
PID 1204 wrote to memory of 2612	1204	Unicorn-14048.exe	120
PID 1204 wrote to memory of 2612	1204	Unicorn-14048.exe	120
PID 1204 wrote to memory of 2612	1204	Unicorn-14048.exe	120
PID 2832 wrote to memory of 2440	2832	Unicorn-33914.exe	38
PID 2832 wrote to memory of 2440	2832	Unicorn-33914.exe	38
PID 2832 wrote to memory of 2440	2832	Unicorn-33914.exe	38
PID 2832 wrote to memory of 2440	2832	Unicorn-33914.exe	38
PID 2628 wrote to memory of 2772	2628	Unicorn-29830.exe	39
PID 2628 wrote to memory of 2772	2628	Unicorn-29830.exe	39
PID 2628 wrote to memory of 2772	2628	Unicorn-29830.exe	39
PID 2628 wrote to memory of 2772	2628	Unicorn-29830.exe	39
PID 2892 wrote to memory of 1872	2892	Unicorn-23119.exe	40
PID 2892 wrote to memory of 1872	2892	Unicorn-23119.exe	40
PID 2892 wrote to memory of 1872	2892	Unicorn-23119.exe	40
PID 2892 wrote to memory of 1872	2892	Unicorn-23119.exe	40
PID 264 wrote to memory of 1484	264	Unicorn-42985.exe	41
PID 264 wrote to memory of 1484	264	Unicorn-42985.exe	41
PID 264 wrote to memory of 1484	264	Unicorn-42985.exe	41
PID 264 wrote to memory of 1484	264	Unicorn-42985.exe	41
PID 2612 wrote to memory of 1448	2612	Unicorn-24843.exe	134
PID 2612 wrote to memory of 1448	2612	Unicorn-24843.exe	134
PID 2612 wrote to memory of 1448	2612	Unicorn-24843.exe	134
PID 2612 wrote to memory of 1448	2612	Unicorn-24843.exe	134
PID 1204 wrote to memory of 2984	1204	Unicorn-14048.exe	43
PID 1204 wrote to memory of 2984	1204	Unicorn-14048.exe	43
PID 1204 wrote to memory of 2984	1204	Unicorn-14048.exe	43
PID 1204 wrote to memory of 2984	1204	Unicorn-14048.exe	43
PID 2832 wrote to memory of 1032	2832	Unicorn-33914.exe	44
PID 2832 wrote to memory of 1032	2832	Unicorn-33914.exe	44
PID 2832 wrote to memory of 1032	2832	Unicorn-33914.exe	44
PID 2832 wrote to memory of 1032	2832	Unicorn-33914.exe	44
PID 2440 wrote to memory of 1744	2440	Unicorn-34080.exe	140
PID 2440 wrote to memory of 1744	2440	Unicorn-34080.exe	140
PID 2440 wrote to memory of 1744	2440	Unicorn-34080.exe	140
PID 2440 wrote to memory of 1744	2440	Unicorn-34080.exe	140
PID 2772 wrote to memory of 3036	2772	Unicorn-34080.exe	219
PID 2772 wrote to memory of 3036	2772	Unicorn-34080.exe	219
PID 2772 wrote to memory of 3036	2772	Unicorn-34080.exe	219
PID 2772 wrote to memory of 3036	2772	Unicorn-34080.exe	219

C:\Users\Admin\AppData\Local\Temp\db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe
"C:\Users\Admin\AppData\Local\Temp\db511c7f2772ec4481e10d86a8d1f68449b02c88ad9ae85e05f96582db50ccc7.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        11⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        13⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        15⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        17⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        18⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        19⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        20⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        12⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        14⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        15⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        16⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        17⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        18⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        19⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        13⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        14⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        15⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
        16⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        17⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32603.exe
        18⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        10⤵
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
        11⤵
        Program crash
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
        10⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        11⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        13⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        15⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        16⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        17⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        18⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        12⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        13⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        16⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        17⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        18⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        19⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        11⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        12⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        13⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        14⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        15⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        17⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        18⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
        12⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        13⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        14⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        15⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        16⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        17⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        18⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        19⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        12⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        14⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        15⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        16⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        17⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        18⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        11⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        13⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        14⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        15⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        16⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        17⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        18⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        12⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39844.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        14⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        15⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        16⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        17⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        18⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        12⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        14⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        17⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
        7⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        12⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        10⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        11⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        12⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        13⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        14⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
        15⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33501.exe
        16⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        10⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        14⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        15⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        16⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        17⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        9⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63450.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
        11⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        13⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        14⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        16⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        10⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        12⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        13⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        14⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        15⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        17⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        18⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        11⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        12⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        13⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        14⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        16⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        17⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        18⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        12⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        13⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        14⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        15⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        16⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        17⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        18⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        9⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        13⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        14⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        15⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        16⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        9⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe
        11⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        12⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        14⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        15⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36168.exe
        16⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        17⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        18⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        14⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        15⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        16⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        17⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        9⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        13⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        14⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        16⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        17⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        11⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        13⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        14⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        15⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        16⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        17⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        18⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
        9⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        13⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        14⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        15⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        16⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        17⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        11⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59745.exe
        12⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        13⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        14⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        15⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        17⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38178.exe
        11⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        12⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        13⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        15⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
        11⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        12⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        15⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        16⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54941.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
        12⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        13⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        12⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        13⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        14⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        15⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        16⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        17⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        13⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        14⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        15⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
        16⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        15⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        16⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        10⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        13⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        14⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
        15⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39479.exe
        16⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        12⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
        13⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        14⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        16⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        17⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        11⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        14⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
        15⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        16⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        8⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        11⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
        12⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        13⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        14⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        15⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        16⤵
        
        PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28346.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        11⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        14⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        15⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        17⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46277.exe
        18⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        19⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        11⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        16⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        17⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        18⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        19⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        11⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        14⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        15⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        16⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        17⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        18⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        19⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
        11⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        12⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        13⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        14⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        15⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        16⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        17⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        18⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        9⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        10⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 224
        11⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        12⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        13⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        14⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        15⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
        17⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18484.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        11⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        12⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        13⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        14⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        15⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        16⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        17⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        18⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        19⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        12⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        13⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44359.exe
        14⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        15⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        16⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62495.exe
        11⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        12⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        14⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        15⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        16⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        17⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        13⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        14⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        16⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        17⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        12⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        13⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51113.exe
        14⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        15⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        16⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4396.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
        10⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        11⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        12⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        14⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        17⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        11⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        13⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        14⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        15⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
        16⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        17⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27363.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        11⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        12⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        13⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        14⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        15⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        16⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        17⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        10⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        11⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        14⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        15⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        16⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        11⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        14⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        15⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        11⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        12⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        13⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12781.exe
        14⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        16⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        17⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        18⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        14⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        15⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        17⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
        13⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18156.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        17⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        12⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        13⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        14⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        15⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        16⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35864.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        16⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        17⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        11⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        12⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        13⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        15⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        16⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        11⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        13⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        14⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        15⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        16⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39615.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        12⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        13⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        14⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        15⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        16⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        18⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        11⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        12⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        13⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        14⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        15⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        16⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        17⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        11⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        13⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        14⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3054.exe
        15⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        16⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        11⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56424.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        13⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        14⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        16⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        12⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220
        13⤵
        Program crash
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        13⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        15⤵
        
        PID:328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        11⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59221.exe
        13⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
        15⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        16⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        17⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        13⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        16⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        17⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        11⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        12⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        13⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        14⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        16⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63516.exe
        17⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        11⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        12⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        14⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        15⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        16⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        11⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        12⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
        13⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        14⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        16⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21323.exe
        10⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52283.exe
        11⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        12⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        13⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        14⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        15⤵
        
        PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        12⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        13⤵
        Program crash
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32380.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        12⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
        13⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        14⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        15⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        16⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        17⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        12⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        13⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        14⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        15⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        16⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        17⤵
        Program crash
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57596.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        11⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58474.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        14⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        15⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        16⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        17⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        11⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        13⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        14⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
        15⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        16⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36881.exe
        11⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        12⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        13⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        15⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28147.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        11⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 200
        12⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        11⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        12⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        13⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        14⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        15⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        16⤵
        
        PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16377.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        12⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        15⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        16⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        17⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        7⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        9⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        10⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        11⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-485.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        14⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        16⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        6⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        13⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        14⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        15⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        16⤵
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        6⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        11⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        13⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        14⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        15⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        16⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        11⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        12⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        13⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        14⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        15⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        16⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        17⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        11⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        12⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
        13⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        14⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33226.exe
        15⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        11⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
        12⤵
        Program crash
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        11⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        13⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        14⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        11⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        13⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        14⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62888.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        16⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        11⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        14⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        15⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        11⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        13⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        15⤵
        
        PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe

Filesize
196KB

MD5
cfa27b1fba1e5f32e6d05d830ddb2aee

SHA1
8c72eaeeed957afdd6975719eca4682c3ab43f17

SHA256
4920cea97d4ea42c8bc3a6a172367e62ef59dcd8c3a9a8d7767c361a9d045336

SHA512
fb3f4c70413af0412aec1fa2b04c8e981f799702dde2055471299c9b5583ac2dc61d78361903114ab55f16ea7d294308472809d8d79a5a601d0ee72f4d9528a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe

Filesize
196KB

MD5
9ce9898adea81e08e7152e608079a836

SHA1
082bc0be0e5b6ad346b66c2e0cdb3894d3af05e3

SHA256
8f9767ac7f3911fa41a96d0e98f6d07e43782e5d9893c72fa6d13e2ce8ec51f1

SHA512
2976e4b0d30a395144f5ec3652a61afb9876a15955600b78eff8dec06807e9eab4a22675d228e63877eadc2b53185e751f117ac31df0fd7586c76465c7e50bf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe

Filesize
196KB

MD5
b5d19f639fa98b0e5afeb051ce2fe17e

SHA1
7b3c63e95af942b87549343ae3bc449a4c37217f

SHA256
a88e00b31957e80b6e9cdae60e8fc4dc0e01b7dc276828b663a0b44e3aa75d08

SHA512
48b8e22ba1df79234b472abc030d82774a2e1e15f8c8cdcdfd2901b363ff3696968c5bba311957cf98f99e4e229671fe0aafb656b8eeeb522a114fd1367e7a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe

Filesize
196KB

MD5
f543e0a62bebda4eb4a5b6ec472d6a06

SHA1
9d2fce5d869d46fc4ece8e958651fa02edcb8ce2

SHA256
b242809aacb5c3f8345dfc9c549b31b48fc71eb0baf0389c636b35dd345c6eaa

SHA512
cdf3b49a96106c949890ea7a0985c25f752fbf11938e5419997b51c7f3b8d3718c9d86b82578d6d72cc5605a74d8f87763d68d334a95ce7407edd9cad601dafa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe

Filesize
196KB

MD5
640c59dc8cc973d2c4aedc76e1746003

SHA1
ccd5b80e38511bb96fbe8fa03fb6a745454b1a45

SHA256
16c59786240c7b902504908bc4aaeaf81268fb35195b3f195ce143661990831b

SHA512
9fffd3c26208e12351479c9a1efb5068400045e3823ee4a06a5bb4c5ae3868ee7337b56643185417678d798c3ffc966230f032c3d623f7fc3eeff9aa601cc2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe

Filesize
196KB

MD5
d28d75b22b7ccbf3987a454bb50de931

SHA1
5421b70748b9d44d5212ba404522db195f686798

SHA256
b3ae7060eeb19f0f1d962701819e19b7f73578cbd65dd17a01b96e132457879c

SHA512
17f9bf06908cc7e2cda2e568724c22eccfda1e53124a31d6d628e5a8d3ee8894fdf048b9c3832a9617c27d6f54f54ad82e331f4b55091b99cf2301f779da06d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe

Filesize
196KB

MD5
fc3a6ac11e35780d4f2a275b78bcb9b6

SHA1
a95eca0c72a6e10f705a317ca571a1399c22f6f3

SHA256
f06c8302c65d9e3b3c3cb41c33dc86469b705b52edcac6e14220e51adfd2f84f

SHA512
b4e00a6650840f5ad85fbf003d34c5b77a0db7fe2a2aacc83afda2f61198b64000d2b0b1e2eb749b58a5f07e574aa2329aad4a67463953fb4905af32e3be2290

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe

Filesize
196KB

MD5
75663ea7aec03106e1dd642b88e4d40a

SHA1
acb49c1b58fdab4842e5ad331bde82bc2f6c0586

SHA256
9acae997277075ae9fb278dbb0c38cdb8fbc29241e9dcca5e9a95927863521d7

SHA512
2fdb8a30ab5cba331030aefb858096ebd0e2fc18a31a9f6fac10edb7d2b4bc3bd095f61bd614a3ccbb07c50145955bf64038e432b39c6ac16f42f44e321518ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe

Filesize
196KB

MD5
9a695043494ffc3a4a9d2945c85fe592

SHA1
1bd31d6a9ba0353599302b11c2bb6178091382ca

SHA256
9c6482be45ec761b4959c187d85f1006516e50753b924e22b2ec48cd76461022

SHA512
15c19cb112cd9ba3ee69f2c90df0f0c47b41f48ba29b5bc74d5b36d534dd18892c0ea8dd6fc87b4df0571e42ddff8f35df6985c4cb49b40d498ce5b689dd17be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe

Filesize
196KB

MD5
adfd6001a6b357249dfa003e4f6392d1

SHA1
4088208f8baf130bd8dfe0aa3317d4455ee8ee9b

SHA256
3aa2409f2f8076b07f872da806418249e4b787423b88405ecb3500b0c7da2b2e

SHA512
e23f26e41b70e2c313a00b95dd4606797bc7f1dc2804f459d5f82162d8a9f7e52850f36f2150e52624afb3bf5fe76b390f2aeb21c0bb1d79856799be79dba2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe

Filesize
196KB

MD5
3bb22492c0da8758b9bfc45ad3c95c38

SHA1
27699ac1625f3da291ac33d9ddcc5e42da52facb

SHA256
8c9fd7981002ac7db0e20a1b2a44dde4285f153f6f6e8f5b0c86e2a170dc928f

SHA512
70cc4e30926b247734dabccfb361640956e4fbc4207a54a8310c172eed4e44bd709f35a854e7eb41332956dfdcf24495074ace089fb8d14702ecd2a151bf51e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe

Filesize
196KB

MD5
e6b4f33bbe55fd7c5c25f909330b1b43

SHA1
b2e5dae66370b8547c72f39b024ff5edc8b6487a

SHA256
c306f6d901c850a9356e0d31a22b177f8e55a30f054a23f7d15ba0b63889cdae

SHA512
911bff14b4bff45d2d7fd2d179538a3b02e92ed66face8abb0ef5766d98cd2d8a81eee065ce705f28a702f280cf1c555a7650b1f4ab6bfd24c1447f3a887918d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe

Filesize
196KB

MD5
9b58c39db2e6441ecb23062725aa983f

SHA1
dfad92bbe6e707e1fb60c51ca8347ef0523dbf55

SHA256
99b3ece2fded007170650114df5adddd3b8eda168e4006b3237e84e6b52f5f0c

SHA512
9e9ca84e368d128f0f3cdf69aee308b8b1ece2f283cdcfa01a275de3c86bf72504d307dfc34b1ebe7db2f94ba9cd481f82787b98aebffaa31de9ed40ebaa59df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe

Filesize
196KB

MD5
ec7ea48d80ae1560fdede8f1fcc656d5

SHA1
02187dd5d64ba76c2de613ca2929349cdbad1d5d

SHA256
7712e4cf48d745ea357e62c496a6594be46bbb030bd425f6f57493c24e61aceb

SHA512
94c49eb9503f2df55bc8025f6c5a9fd332f6875838271be2d42d9a81036d385e552e6d193fced8418dd9d5734d87fd845b04cb81047effa35ef4dc45923e96cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe

Filesize
196KB

MD5
466f5ca3a3dbfacc1b360fd1b4c4f8e1

SHA1
32b850e1ef105a6b4c02df3f7ca8517ec9798854

SHA256
7f709fba44c3c184d52bc79dac8aa38c45dc3dce6183725d8e07dd5a28bbce91

SHA512
ff41d3ef779ff35de7faab2c48c79af79f8b941ceee9a754e2e158c8c1c10166f5ac662b524fd9ee481d14a49fe22b6eb160f273b8fabd2f51f47879f8701dca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe

Filesize
196KB

MD5
8d8945125bcb8378d30bbd767055f085

SHA1
37062598fd88d692c4a6568686c33db3fd306036

SHA256
bcc69981c691c2407ee756596fb7b1d36dfe32e39d98700cdbe0e905c90c1c36

SHA512
6d9159ee176409a9ec5caa991cc738338cfad414a183f01cc981f68b43803c4415fa54aa754e4ea1b2eef9c0b518bebbda5e58f97bafac6025109b7dec3fbd2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe

Filesize
196KB

MD5
8d08b27643383091881593d211ff44f7

SHA1
debe93780e39ea9e651386bc88ca13a2689c3d02

SHA256
f4d1f900aa20090b72f18dcf6d460b771136b288dc1410c708b259784109e5b3

SHA512
4588d3e2917e436af449d6c8efcc98fc4d9fee30588be6a30c4111de536e49eb9d801f9576ec84d2a89db691de6d984d0975a209d2daff8a90759a7f1671446a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe

Filesize
196KB

MD5
b6de98b41759209f0afb898edb21e680

SHA1
156cb666321b706dc92ed125a37d92c1bcdf90c5

SHA256
c9aeddd4190e0706dd8bb163498bdc303e5b7a3218d8e26abec0c91de395d97f

SHA512
da6ed4312a964ba61ad6b584ff3a4624064ee69ec02580b01e9ea86b9dfbf261742b5ef643fb5c580ec5aac61b418c08e6ee5f3f3ce23e4e9903eff56d700c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe

Filesize
196KB

MD5
0ed0758491433daea5eecae6100d92df

SHA1
01882b7432bfd323131b382e9e6eefb69a744258

SHA256
2ef10e90af41f83abf27aef0031d37cf20bad1c41998a644456e9ac776d69d40

SHA512
606a9662899078857f75403386b71228d2ba9b2caf98861c6010caea36a8cdffbd35cb17c534f8eb7bbc23efcdb8b135cef234c7b99d82f217606715260532c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe

Filesize
196KB

MD5
f33381a5f77abb936c380d34c4636ba6

SHA1
e020503871bb3e7b33c3983d944c4b8a7ede307c

SHA256
3b9b23d12cc6a05e8b32bb4b6f6f27b6ebf82c4217161b2b872daa57ad23a7a3

SHA512
b0a3f211fdb149756962251bb1e5fba3863f26f75ba3c5c8c4f3987b3704b9370029dac525db5841bed05af29f684e037ed192388a80f987374f2df6ad6dbe92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe

Filesize
196KB

MD5
45a4986b9f76ea502dc39c3594d66d67

SHA1
342b434b9378e5ed0c4057a6065fc17f80b9d322

SHA256
ebfbcb5e0cf79105f5428fd0fa869bfd0c789ba240a02c03c6130bafb0fd1c72

SHA512
5aeaa866630e3f84da42e5b6aa3c52cd082763531873150ddb825a377dc594f3c11faaed58dac185383778ef04733b702f057ca723c230da6193b7eff732444d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe

Filesize
196KB

MD5
eebfe6c0e15194947b202b954fbafdd9

SHA1
4f6f2b567d32f2480de937cf9d2d3a4e591d9f34

SHA256
64567262ed9d9dd20fd3b1ddb135efe97561c07dabc5fc05de9835345eac9166

SHA512
bb26519a829c4857f9700fcca8c8ecb51b742e8529c00277f202b1720196654e8f6299afb2f96d03bae6c6ae73f982dfd69e17192f666b6a16cff1ad16a2bfc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6361.exe

Filesize
196KB

MD5
4f47f41b42a615616f04d53fda9c65b3

SHA1
2e9eb351367443dcce01ca44e4b9ea4210f94a9b

SHA256
8502e01e00d82c0452b113862694d483df5975bb5bac46401767d62139675895

SHA512
9cfa97dd75c9bd8449b77bb121bbb6838a8e51a7fc8623973d950b71b8f92f2fd5f803629f31c2901b370078bdaeb286e8a27c969000fe51b74cde1fdc09e519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe

Filesize
196KB

MD5
1f7d10c71d96cbe8817bff2be0eaa9db

SHA1
6e9753d60d6539a439d533719cf576f6c0c90f08

SHA256
f9a833f197872b28f45155ef03c3fe38b46fae0ad22eec70d852e872009f895e

SHA512
7499dd79e31a96c67555582cb8527063b1fa65a9364cc8e128a4c67afb4c6f694430b166dcc5734c459fbc389db79dabb8b5fa7d0bf2f1833b7e099d624489fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe

Filesize
85KB

MD5
42678de5551d4d514cb461f1bac6a740

SHA1
1f4caaea34449152a1dc357231d101ba054f4c59

SHA256
feb174966e1231969006a90b9f465a5853e1807b60a7851c6a844c5a8c64ba45

SHA512
f48c607ae15f10ec1e1e3d59a223068df192f30976cdac0098470e53d0312424c0f28183d9edad8d9778a977552ede3955e5827c8d25ead3d2bf48500b880e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6584.exe

Filesize
196KB

MD5
6ea0132865561341de1fedbb6c932fac

SHA1
0853c5ccf849b0c750b3d91cd84c8f6fcf6fc71f

SHA256
cb711ddc16ae69130801682d06727989df3db912ca638f87fa17b64cb210dd6d

SHA512
591e0ace10f58cf6fb88225335fceeea19cda6a5934920043e68170b37c617d6c1845bfb5389caad8aa03723e578144fc765c0319d8befa1fa800ee9d2103194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6600.exe

Filesize
196KB

MD5
aca4e0f93990322bc906db0e231c86ef

SHA1
105ec6cbea03c0618d01fe6a075d2d629a5d9def

SHA256
f791dd617161a5cb416babb0de379d8facdf106f6368610952d18d6b91014720

SHA512
d2a2069ea33ec3824a6c3879c15800e78eed3972fa15f82d133ca439e95d5fd0a51c85b7837a8a67a577c0be49d5ea02b37c76019f93fbbc5b5b783a79d2a5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe

Filesize
196KB

MD5
c0fca426705e690b21c76a5c8a5a99d4

SHA1
9ea49f3eff77e5f7694bb8273daf1aebfd153623

SHA256
0ab7b9477bf2c41ce6df08b551cb482be886f611c99c3fddc79cc6fb6903ebe1

SHA512
5df08c544184cefbfa89130a4b9d34e8e811614c3e9cb6c8832fffbbdcff3a412aac6ca51b3e89777e602d5cdabf8c5148eac52070e798c61aaf3266c976f5d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe

Filesize
196KB

MD5
06d2306a97903c6fdb1cda7b1bdb3e07

SHA1
3282874340aa3dee80f6e17eb2778a86b274b755

SHA256
4111d14939628322d406ae82261b6b61a58954716f8a8c5c4534425339bd5cac

SHA512
54b4cf1921d92518d6c79917228c5d74283118d9e4ad998c447c957ff46691d9fcea84cb9d974c62053e6710300c907629a626fa50c0167e9e25aaaf463ddde5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe

Filesize
196KB

MD5
dfeb2be9df650720f08b5efe54a790e6

SHA1
b2285fa8f50209fe88aa2224c97987ad48e3dcd8

SHA256
2a93c81e12310eabd4fa5883b107d91efbf38eee3bc521fd1164f74d37a88ca1

SHA512
53865a2307fb55f83942e1dadbbb2a400435684641f90bb76a302d2fb0aaa9cbea35a79b47a878c0549aee62e4137de7597b61581acb757d4aaac6db8f1e3a1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe

Filesize
196KB

MD5
a7ac1d0a1933d08550d8d9f444cdf8f5

SHA1
63d84d1e04906a64d170c2e7a85accf7c2750ba5

SHA256
1816657230d581d3aabe71506c194206940d289876ba9ea6d1bce16c4435cc89

SHA512
7e32e86278c0b2809be642a2d85fdec6857d39e553d0688dcfa5d08c538b1af9b41f65d09ce1b0ba09a6fcff4c65190d01dc4292a2571eea95c7e9caf17f0756

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe

Filesize
196KB

MD5
4c5155c5839990d32b2e3404f0e4a709

SHA1
61a13eed04e0ce098f9da96e40a5e9df41ea0012

SHA256
bf015440278449072507fe47fd09b395f86c802e1d0c50458d22977703a474bb

SHA512
43cef712fcc76de73a2fe636bef1cc54f8ce00a7b10cc17e810d4bc6518fb63014b51b41f45995eb9252d084ce462de08c744da27bcb798feb2ce757c4b5fd81

Download Submit
memory/2472-4046-0x0000000002610000-0x0000000002720000-memory.dmp

Filesize
1.1MB

Download
memory/2472-2492-0x0000000003340000-0x0000000003450000-memory.dmp

Filesize
1.1MB

Download
memory/2472-5967-0x00000000032A0000-0x00000000033B0000-memory.dmp

Filesize
1.1MB

Download
memory/2472-5965-0x00000000773A0000-0x000000007749A000-memory.dmp

Filesize
1000KB

Download
memory/2472-5964-0x00000000774A0000-0x00000000775BF000-memory.dmp

Filesize
1.1MB

Download
memory/2472-2350-0x0000000002A10000-0x0000000002B6C000-memory.dmp

Filesize
1.4MB

Download