64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe
Size

468KB
MD5

a04bc688112a3e91c04bc28d9470c86c
SHA1

d45c9411b07727154011f05d2cbe5f513f861ca6
SHA256

64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730
SHA512

b91187466a134b9e4af9234ef9825b4840a5c54e779f651619d8a69dfebbae2e5f42081886ffc38e646eb6b0beb23043a4e0788f62c27c85d60aaaf5fe941af4
SSDEEP

3072:tqonowL5My8U6bYqfz53ff5ECh5shpe9mHePV4giXInDuGjDklP:tqEoTLU6tf13ffYHCPiXGSGjD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
436	Unicorn-30521.exe
4376	Unicorn-11060.exe
4092	Unicorn-52648.exe
324	Unicorn-5990.exe
5016	Unicorn-47578.exe
2732	Unicorn-63359.exe
1556	Unicorn-53721.exe
4196	Unicorn-30241.exe
3936	Unicorn-2207.exe
3444	Unicorn-5544.exe
3840	Unicorn-32187.exe
4428	Unicorn-28103.exe
2096	Unicorn-17888.exe
4804	Unicorn-4153.exe
3172	Unicorn-23754.exe
4080	Unicorn-52197.exe
4420	Unicorn-50806.exe
3968	Unicorn-1050.exe
4732	Unicorn-39845.exe
4704	Unicorn-11164.exe
2164	Unicorn-37807.exe
1888	Unicorn-2996.exe
692	Unicorn-42445.exe
4368	Unicorn-62311.exe
4324	Unicorn-62311.exe
1572	Unicorn-62046.exe
3908	Unicorn-11719.exe
1088	Unicorn-42445.exe
940	Unicorn-22654.exe
2032	Unicorn-56181.exe
3876	Unicorn-62311.exe
3504	Unicorn-59379.exe
5032	Unicorn-35451.exe
5000	Unicorn-53733.exe
668	Unicorn-29783.exe
2736	Unicorn-49192.exe
2780	Unicorn-32305.exe
2600	Unicorn-45949.exe
3300	Unicorn-37781.exe
2500	Unicorn-54209.exe
4188	Unicorn-60339.exe
2552	Unicorn-25529.exe
2044	Unicorn-47895.exe
2220	Unicorn-10177.exe
5004	Unicorn-35643.exe
552	Unicorn-11693.exe
4424	Unicorn-23391.exe
1200	Unicorn-3525.exe
2784	Unicorn-15777.exe
4912	Unicorn-34059.exe
3812	Unicorn-6862.exe
3332	Unicorn-6862.exe
2964	Unicorn-10946.exe
2432	Unicorn-37589.exe
1520	Unicorn-37589.exe
3456	Unicorn-20490.exe
3528	Unicorn-29156.exe
3548	Unicorn-9555.exe
4436	Unicorn-36197.exe
4772	Unicorn-19206.exe
3800	Unicorn-42341.exe
4620	Unicorn-40687.exe
4916	Unicorn-51548.exe
4496	Unicorn-57023.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
14772	14596	WerFault.exe	712
3508	9764	WerFault.exe	436
1948	14872	WerFault.exe	719
15476	14076	WerFault.exe	667
2536	9872	WerFault.exe	463
18328	16532	WerFault.exe	1003
18256	16540	WerFault.exe	1004
17580	2236	WerFault.exe	910
15020	16620	WerFault.exe	1008

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20678.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5836	dwm.exe
Token: SeChangeNotifyPrivilege	5836	dwm.exe
Token: 33	5836	dwm.exe
Token: SeIncBasePriorityPrivilege	5836	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe
436	Unicorn-30521.exe
4376	Unicorn-11060.exe
4092	Unicorn-52648.exe
324	Unicorn-5990.exe
2732	Unicorn-63359.exe
1556	Unicorn-53721.exe
5016	Unicorn-47578.exe
4196	Unicorn-30241.exe
3936	Unicorn-2207.exe
4804	Unicorn-4153.exe
2096	Unicorn-17888.exe
3172	Unicorn-23754.exe
3444	Unicorn-5544.exe
4428	Unicorn-28103.exe
3840	Unicorn-32187.exe
4080	Unicorn-52197.exe
4420	Unicorn-50806.exe
3968	Unicorn-1050.exe
1888	Unicorn-2996.exe
4704	Unicorn-11164.exe
4732	Unicorn-39845.exe
2164	Unicorn-37807.exe
940	Unicorn-22654.exe
1088	Unicorn-42445.exe
3908	Unicorn-11719.exe
4324	Unicorn-62311.exe
4368	Unicorn-62311.exe
3876	Unicorn-62311.exe
2032	Unicorn-56181.exe
1572	Unicorn-62046.exe
3504	Unicorn-59379.exe
5032	Unicorn-35451.exe
5000	Unicorn-53733.exe
668	Unicorn-29783.exe
2736	Unicorn-49192.exe
2780	Unicorn-32305.exe
2600	Unicorn-45949.exe
3300	Unicorn-37781.exe
4188	Unicorn-60339.exe
2552	Unicorn-25529.exe
2500	Unicorn-54209.exe
2044	Unicorn-47895.exe
2220	Unicorn-10177.exe
4424	Unicorn-23391.exe
3812	Unicorn-6862.exe
552	Unicorn-11693.exe
5004	Unicorn-35643.exe
2784	Unicorn-15777.exe
2432	Unicorn-37589.exe
1200	Unicorn-3525.exe
4912	Unicorn-34059.exe
2964	Unicorn-10946.exe
4436	Unicorn-36197.exe
3800	Unicorn-42341.exe
4772	Unicorn-19206.exe
1520	Unicorn-37589.exe
3332	Unicorn-6862.exe
3456	Unicorn-20490.exe
2752	Unicorn-60147.exe
3528	Unicorn-29156.exe
3548	Unicorn-9555.exe
4620	Unicorn-40687.exe
4916	Unicorn-51548.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 436	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	84
PID 1180 wrote to memory of 436	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	84
PID 1180 wrote to memory of 436	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	84
PID 436 wrote to memory of 4376	436	Unicorn-30521.exe	87
PID 436 wrote to memory of 4376	436	Unicorn-30521.exe	87
PID 436 wrote to memory of 4376	436	Unicorn-30521.exe	87
PID 1180 wrote to memory of 4092	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	88
PID 1180 wrote to memory of 4092	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	88
PID 1180 wrote to memory of 4092	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	88
PID 4376 wrote to memory of 324	4376	Unicorn-11060.exe	92
PID 4376 wrote to memory of 324	4376	Unicorn-11060.exe	92
PID 4376 wrote to memory of 324	4376	Unicorn-11060.exe	92
PID 436 wrote to memory of 5016	436	Unicorn-30521.exe	93
PID 436 wrote to memory of 5016	436	Unicorn-30521.exe	93
PID 436 wrote to memory of 5016	436	Unicorn-30521.exe	93
PID 4092 wrote to memory of 2732	4092	Unicorn-52648.exe	94
PID 4092 wrote to memory of 2732	4092	Unicorn-52648.exe	94
PID 4092 wrote to memory of 2732	4092	Unicorn-52648.exe	94
PID 1180 wrote to memory of 1556	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	95
PID 1180 wrote to memory of 1556	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	95
PID 1180 wrote to memory of 1556	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	95
PID 324 wrote to memory of 4196	324	Unicorn-5990.exe	96
PID 324 wrote to memory of 4196	324	Unicorn-5990.exe	96
PID 324 wrote to memory of 4196	324	Unicorn-5990.exe	96
PID 4376 wrote to memory of 3936	4376	Unicorn-11060.exe	97
PID 4376 wrote to memory of 3936	4376	Unicorn-11060.exe	97
PID 4376 wrote to memory of 3936	4376	Unicorn-11060.exe	97
PID 2732 wrote to memory of 3444	2732	Unicorn-63359.exe	98
PID 2732 wrote to memory of 3444	2732	Unicorn-63359.exe	98
PID 2732 wrote to memory of 3444	2732	Unicorn-63359.exe	98
PID 5016 wrote to memory of 3840	5016	Unicorn-47578.exe	99
PID 5016 wrote to memory of 3840	5016	Unicorn-47578.exe	99
PID 5016 wrote to memory of 3840	5016	Unicorn-47578.exe	99
PID 1556 wrote to memory of 4428	1556	Unicorn-53721.exe	100
PID 1556 wrote to memory of 4428	1556	Unicorn-53721.exe	100
PID 1556 wrote to memory of 4428	1556	Unicorn-53721.exe	100
PID 436 wrote to memory of 2096	436	Unicorn-30521.exe	101
PID 436 wrote to memory of 2096	436	Unicorn-30521.exe	101
PID 436 wrote to memory of 2096	436	Unicorn-30521.exe	101
PID 4092 wrote to memory of 4804	4092	Unicorn-52648.exe	102
PID 4092 wrote to memory of 4804	4092	Unicorn-52648.exe	102
PID 4092 wrote to memory of 4804	4092	Unicorn-52648.exe	102
PID 1180 wrote to memory of 3172	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	103
PID 1180 wrote to memory of 3172	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	103
PID 1180 wrote to memory of 3172	1180	64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe	103
PID 4196 wrote to memory of 4080	4196	Unicorn-30241.exe	104
PID 4196 wrote to memory of 4080	4196	Unicorn-30241.exe	104
PID 4196 wrote to memory of 4080	4196	Unicorn-30241.exe	104
PID 324 wrote to memory of 4420	324	Unicorn-5990.exe	105
PID 324 wrote to memory of 4420	324	Unicorn-5990.exe	105
PID 324 wrote to memory of 4420	324	Unicorn-5990.exe	105
PID 3936 wrote to memory of 3968	3936	Unicorn-2207.exe	106
PID 3936 wrote to memory of 3968	3936	Unicorn-2207.exe	106
PID 3936 wrote to memory of 3968	3936	Unicorn-2207.exe	106
PID 4376 wrote to memory of 4732	4376	Unicorn-11060.exe	107
PID 4376 wrote to memory of 4732	4376	Unicorn-11060.exe	107
PID 4376 wrote to memory of 4732	4376	Unicorn-11060.exe	107
PID 3172 wrote to memory of 4704	3172	Unicorn-23754.exe	108
PID 3172 wrote to memory of 4704	3172	Unicorn-23754.exe	108
PID 3172 wrote to memory of 4704	3172	Unicorn-23754.exe	108
PID 2096 wrote to memory of 2164	2096	Unicorn-17888.exe	109
PID 2096 wrote to memory of 2164	2096	Unicorn-17888.exe	109
PID 2096 wrote to memory of 2164	2096	Unicorn-17888.exe	109
PID 4804 wrote to memory of 1888	4804	Unicorn-4153.exe	110

C:\Users\Admin\AppData\Local\Temp\64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe
"C:\Users\Admin\AppData\Local\Temp\64b38a1289d99e2d0456434d5c84323c6781a2b9e86ac249c4968743a50b7730.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        11⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        11⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        10⤵
        
        PID:14872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14872 -s 452
        11⤵
        Program crash
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9522.exe
        10⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        9⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        9⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        9⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        9⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        9⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        9⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        9⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        10⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        10⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        10⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        9⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        9⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        9⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        9⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        9⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        8⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47720.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5778.exe
        9⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        8⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        9⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        8⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        8⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        8⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43816.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        8⤵
        
        PID:12604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        7⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57429.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        9⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        9⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        7⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        9⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        8⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        7⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        7⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        7⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        8⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        8⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        7⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        7⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        5⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2882.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
        7⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50578.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        5⤵
        
        PID:13232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        5⤵
        
        PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        7⤵
        Executes dropped EXE
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46790.exe
        9⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31474.exe
        9⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        9⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        8⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        8⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        8⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        7⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        6⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        7⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        7⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25045.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        6⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        7⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1673.exe
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        7⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        7⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        6⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        7⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        7⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        5⤵
        
        PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        6⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        8⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        7⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        7⤵
        
        PID:16620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16620 -s 464
        8⤵
        Program crash
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        6⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 464
        7⤵
        Program crash
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        5⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        7⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        6⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        6⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        6⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        7⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        6⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        6⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        5⤵
        
        PID:14528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47805.exe
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        5⤵
        
        PID:9764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 652
        6⤵
        Program crash
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
      4⤵
      PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        8⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        7⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        7⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        6⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        6⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36067.exe
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29498.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        8⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        6⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        6⤵
        
        PID:11280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        5⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
        5⤵
        
        PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-547.exe
      4⤵
      PID:11592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        6⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        9⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        9⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        8⤵
        
        PID:16532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16532 -s 212
        9⤵
        Program crash
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        7⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
        7⤵
        
        PID:14596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14596 -s 468
        8⤵
        Program crash
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        7⤵
        
        PID:12976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        6⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        6⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15777.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        7⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        5⤵
        
        PID:15612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
      4⤵
      PID:11952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
      4⤵
      PID:15744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      4⤵
      PID:12752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        7⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        5⤵
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
      4⤵
      PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
      4⤵
      PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        6⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        7⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        5⤵
        
        PID:14484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        5⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        5⤵
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        5⤵
        
        PID:14076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14076 -s 464
        6⤵
        Program crash
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34354.exe
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
      4⤵
      PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
      4⤵
      PID:6592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      4⤵
      PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9230.exe
    3⤵
    PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      4⤵
      PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5682.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
    3⤵
    PID:10688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
    3⤵
    PID:13616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
    3⤵
    PID:16060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
    3⤵
    PID:7416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        7⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        9⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        9⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
        9⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        8⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        8⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        8⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        8⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        7⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36031.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        6⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        6⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        5⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        7⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        5⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19213.exe
        5⤵
        
        PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44626.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        7⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        6⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        5⤵
        
        PID:9872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 724
        6⤵
        Program crash
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        5⤵
        
        PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21465.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        5⤵
        
        PID:14792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        5⤵
        
        PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
      4⤵
      PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        6⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        7⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18725.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        6⤵
        
        PID:16216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        7⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        6⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        5⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        7⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
        6⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1677.exe
        5⤵
        
        PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
      4⤵
      PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        7⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        7⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        5⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64418.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8754.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
        6⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29363.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5662.exe
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        5⤵
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
      4⤵
      PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        6⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        5⤵
        
        PID:12320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        5⤵
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
      4⤵
      PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
    3⤵
    PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        5⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        5⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        5⤵
        
        PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      4⤵
      PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
    3⤵
    PID:9844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
    3⤵
    PID:13644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
    3⤵
    PID:7164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        7⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16014.exe
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60997.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19252.exe
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      4⤵
      PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      4⤵
      PID:15496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
    3⤵
    - Executes dropped EXE
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        5⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22486.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26110.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31119.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20540.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        5⤵
        
        PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7163.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        5⤵
        
        PID:16540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16540 -s 176
        6⤵
        Program crash
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18638.exe
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        5⤵
        
        PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      4⤵
      PID:16468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
    3⤵
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
      4⤵
      PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
      4⤵
      PID:17212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
    3⤵
    PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
    3⤵
    PID:13968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
    3⤵
    PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
    3⤵
    PID:3680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        5⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
        7⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60308.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        6⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        5⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
      4⤵
      PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
      4⤵
      PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
      4⤵
      PID:16392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
      4⤵
      PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
    3⤵
    PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        5⤵
        
        PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
      4⤵
      PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
      4⤵
      PID:14292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
      4⤵
      PID:10420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
    3⤵
    PID:9452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
    3⤵
    PID:16604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        5⤵
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        5⤵
        
        PID:9912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        5⤵
        
        PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
    3⤵
    PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
        5⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        5⤵
        
        PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
      4⤵
      PID:8708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
    3⤵
    PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
      4⤵
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
      4⤵
      PID:12696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
    3⤵
    PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
    3⤵
    PID:13988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
    3⤵
    PID:5320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13484.exe
      4⤵
      PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
      4⤵
      PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
      4⤵
      PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
    3⤵
    PID:12304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
    3⤵
    PID:13796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
  2⤵
  PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
      4⤵
      PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      4⤵
      PID:13876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
    3⤵
    PID:9668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
    3⤵
    PID:13588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
    3⤵
    PID:11356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
  2⤵
  PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
    3⤵
    PID:9432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
    3⤵
    PID:11120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36985.exe
    3⤵
    PID:16184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
    3⤵
    PID:7288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:10708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
  2⤵
  PID:12240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
  2⤵
  PID:16760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 14564 -ip 14564
1⤵
PID:16264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 9764 -ip 9764
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 14076 -ip 14076
1⤵
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 7424 -ip 7424
1⤵
PID:14868

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 16532 -ip 16532
1⤵
PID:17724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 16540 -ip 16540
1⤵
PID:17800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2236 -ip 2236
1⤵
PID:12476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe

Filesize
468KB

MD5
39c93cbedd95af7806eebde157b1e717

SHA1
079e30333c3202b84252911c1d5070ca74b7ca12

SHA256
c68f200b5c1c756149e67441413e97a4dd5123b77552d2d2c3d0968386d6a821

SHA512
9664d3cc1580f98aba0a7159cc56daa8624fc5b2add72e6c09df62d6fed92d71246d03a3624a55650bd7f8ec49bd73dd36923a32ce56035c0a6fe8eafa98c3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe

Filesize
468KB

MD5
c19e6ba845704ceb85bec73f9296651a

SHA1
1a7cead25b4470b6f2f898888d0133d3ae58968a

SHA256
9ac50d9b894a9f18379c51aa4eb0dbb8840936cde970d0054b011585c397f4ac

SHA512
4a9739d28608212b0a3b25a64aec699de252cbd69e462a96e0631a743206e5ab03e58a6ee68db614eedae230f06d0dae46e4a5f47efd4b827a4fadf8f556491b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe

Filesize
468KB

MD5
27822a53253d4f557b442e5584b2811a

SHA1
98520902dfb41f33e3ad28cf4d14016c159f636f

SHA256
1b7dcf81fe541cb8820685c8d2492c98a880d79b116c02dcf176e6ee459b627d

SHA512
4e446b91e6af8e38819a0e94663e5378f3d1a9d793df4e7466c4132a6455ddcee6661dddc6d43d4e065f4d45ddf18dbad9eaa7e2f9e49bb401938527208c1d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe

Filesize
468KB

MD5
ec400ac8e530cdab065b80ae38549de8

SHA1
b1ce447c2d4d8850902c578fe6185b3c69f140de

SHA256
17066c01ad9fff233641283a501df82579a5de68cd36475e18dff8659081c890

SHA512
aeeabd1f90c9354aa1eef13c02b3c7159459e67b935fe2d6e0615d1cd345a4d66066a3d26bd3a3b5c2180c7bf5b5298c0471d1341c3ae5c3d25e5afa7992652c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe

Filesize
468KB

MD5
2b6921d03bb7c722d098e44b48d4ed55

SHA1
5113e58257f14233c46e7aaa910aaca9a82d1497

SHA256
81a207f8b8ce5c19b33d2460fa06c8313ca301f078caeb615173b96f9a69cf93

SHA512
81649b19337f5993edc7dbb69587a72981c1d2b9bb6925f63e37986c4e5f2ac4bec63e0e1466818682d832359606506393539372a3373955fe285e336b0d6091

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21767.exe

Filesize
468KB

MD5
9926f92fe0b4a9a9afa7ca14b07fcb6b

SHA1
458b79a6a64909fbdefed22bc4b22ef03157cd69

SHA256
2b5504e6b2328fed060dfd4db2401b1218d2c87e272935d6b6db1bf3dd907309

SHA512
014b4df95289f5c0d891bfafb77840ddb6ef23065f6fe3218a7d228a2585b0544e0e5966d1b5bf031549c5546a83d303aa5cd616eeb6acff02b21de8d53392fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe

Filesize
468KB

MD5
ab65b952f438b2ea8720230ed453e010

SHA1
3fc6a177704662681d9397923ca59aa75d59da0e

SHA256
f381b617082e1b773eeb54fc369b8f4596d0af19f5c3d3c586262f9e58f9699a

SHA512
2faa4476d38ce747ad3891dd4c32b12049d00e192139b19a07a42c8e2d4b40c39ec200a0028071c943b26da287c81ad20fc42191c212119abd0dfcf5916666da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe

Filesize
468KB

MD5
2ea1774a7327c66888430b92cc045dfe

SHA1
5e0cfb714caaf05c5ecb29ddee24f262ee83fb10

SHA256
675314c50bd0d4a133f0f16beab548c7aceacc363537ba9e08e7efe15ce062dc

SHA512
a6353af7f150a093841d142a4b76f3207f11a6704c75ec14e8f0d82641c061de8c07c0e33d80d717cdd2bafef6f0480bf0ed4a873e9f2865f422846d8c31d7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe

Filesize
468KB

MD5
b3045a2a738defd29644875e97a54596

SHA1
52294ba72b1d27ba23d41b93bfea03c96669534b

SHA256
77ff4fbf8681d4dad2ab86cd1e14616532361f9caad1e2104f970482535b8497

SHA512
5331f6cbdc2131bf14ff218c89a04872a37ccdc90ed049d970f0af9f871e2e202df123169c5f15746a19525791b1dc9d3aa7f9c851e312b572d78fb1345c0721

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe

Filesize
468KB

MD5
d910b53efe7181291c31a9f24d5dabf2

SHA1
c039f39cf21c9f4eef70a9433691d9288d8ea2b3

SHA256
f5edc9527790dd913bc562c5c466cf3aaf2905feac8a77877b6436b23e60d58a

SHA512
bf8596e2301a410a2aa63374cdfced80ba8e6ddfc7c498a6ebe25772ffcbb9e80c2bc58c14341a5b86cc199bf4265e35d0bb422c981d684f61af5cb80cdc20f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe

Filesize
468KB

MD5
773526690fa3acf03e9194849536b92d

SHA1
9e735ef3fd82197aa1f632707cb577762badfc87

SHA256
1ee77941657b3944e5fae2e241e00e39f66d1eeb07e93aa9663c83cfd92f2632

SHA512
d6fa247896ba6481fbfaa7d7b38049e3e6d257989e09a1a3496e45552ef24fc283c32f4764dd80450c981d8bba2387536739e30b746b530d4577a720eeadb786

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe

Filesize
468KB

MD5
8b0643d1272db57bbdef7171ee2d7b38

SHA1
71fb6fb6c05f8fc95681b3cba3d3faab4b1c550a

SHA256
dd39328d1b86cb676c61b314383d7823df16915b7832fe9e0ab0300454eea11c

SHA512
751701013c642c301b5605240ebad64b77b3d9474b72386b9ab74d47870f89ece7fc6a03d57b4ec454c16d1c2cefc3ca64781ebbd27e19cb39bde9439f0fe474

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe

Filesize
468KB

MD5
16fcf5825603f0d72c5d317e4e0c8528

SHA1
164fd4281ef73445ee9346aaeba78cb6181e5ca8

SHA256
48dc637750afd6883e64ce659ea06650bff8ee2b475052b3f23ee5779a40066a

SHA512
60da0d1b77ab209d257a530abbcff28896730c9844e902bcd9338a40c5b573189012aee005e4b36623ea8cf15cbcdc8b4ce04d89b8dbc9ea604aca804c3d60bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe

Filesize
468KB

MD5
3366858ffe145037f60766d9fc25f655

SHA1
1f778daa8d2123cddf433dbad8a9d7edc735bcac

SHA256
2844deed49b01bfc8223d4e2015925ed2024a5bf4bc7523027ff997c4bf0ef48

SHA512
7aa3cc75d594c70935f067b7d167b268c43aaf05985a24fc193a3850b43cc8461b2535395291abc0c8b453d10fefd834528f2db4e5f4e52567a7ff0eeb3c28e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe

Filesize
468KB

MD5
0fec5035dc14ef05eed2de387fa9d865

SHA1
6a305e67334b3ae3306573b0a91d51f8eb6bfd41

SHA256
8aa4a36bdd3877e7a0774a42749f69e790f66aa0c95093673d2d6fc9c764d712

SHA512
3916245f63e0f4ef4dfa68bd29e82bb2f358ffdfe0d613692768887d233f7a8048b186445fad3fedda43ab88636d4a09dd55c2df8922360aa52e51f8b94bcb7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe

Filesize
468KB

MD5
13f91411fff86c19e5c5e62f1d65afec

SHA1
cf94dbf4ebc8abf25cab7353cab9bc3a53a52944

SHA256
1378b057dfd908f0fa3e41915782de719d5e3aa18b2e94bafdfbff59b3cef5fb

SHA512
d4f03ab79adfe83c4b524011c571c3f42d24f6319e6d9ff22ca0d9bd635fa38cf11091ee4635aba8de39ee2af3110220e0046f9590f2c68f50c095dfbceb34cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe

Filesize
468KB

MD5
e0d6cfe98f326410bee645294fa3d441

SHA1
e29b7496aba4444fd63f897f7acbe9436f90eb45

SHA256
e9d29bcee42bb36192a0e5faa2f8f326d85d3d1d010e5534a0fe9d4bb27912c6

SHA512
2ba73c926585571e3d9ef81a8aa8697f8027dd2c4b849a5a6bbf36847a7fca62444cb9683ee2d299f3b1552706f6fd2452718e86947ab732c77eec059a5c5ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe

Filesize
468KB

MD5
61dffc89bc11194bfe39613c190d92a9

SHA1
6962811611baac12bcf2185346ee9cbe4054eeef

SHA256
57ac792a54828cc99906c73b4d13b8342ad3a476770f36089e8c4bc8ff89cc86

SHA512
c23afebe86eb375637d20dbf412643f4dee0b8eb9bcf6b86d3d5ba5366fc7872b8bcd51ccbc3e0b6e2ec5cee6e660c83c80c39f5c5db721838c1919e298e12a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe

Filesize
468KB

MD5
25467a20594498e8121364907dbc7c3b

SHA1
17b90d1258aca90fd0771d9d76941df5196b4120

SHA256
c1c3c6f6e9b9aec2464848349cf52942c6d3e2ee6c83549f1be5cb3171ebfdaf

SHA512
c85a01a19d8ec01bf500709f773629733ebc4f4e7b79e7f7f66de0864c1aee164fa41046d1e8a65913328bbd1b24fb3c5545e3fd21cbedfe03c1f332a1500a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe

Filesize
468KB

MD5
f1439f5279105577b4d9af320e8c5cb5

SHA1
d7dec60f7012599552b65929f6ba6d29b4940c9b

SHA256
2b4b5cfd24155a14ff8dcc0aa5ae688867dce8a7285516687d94668e8597ad18

SHA512
a4356e5b903008aea67d49e740e7fd0e2bd69ab371be6ef1512c33fd41f04906ebf42fc20735158573928f4c53f6c3e604dcde5072a20c2c335e43a46046088f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe

Filesize
468KB

MD5
e7ba07afd43aaaaa9e6b098c5783a299

SHA1
8dc7f4a5bc31df535608bf7933536625cd1a62f6

SHA256
4dadab35ada7c77b2907ed9ee5d51f777be7e2b723d66c5a2d63cbd2e360aaae

SHA512
a8a502b54625c8670d627598bc58983b7b9ef7da8513cf35adb3db3ac6dd3b1d003ff2bfae2c6ff9ff3dc007716101fd2471038128b0ef7eded2750eb0f72d76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe

Filesize
468KB

MD5
c6360016b0fbfe80299877966c8ca23b

SHA1
57837f0831e249ec2ad48b98600c8bb3e036aab0

SHA256
b609b7427ee887d6e9292abe979ee756e15dcd9ed6dc0b37f935d32c3fde4adf

SHA512
c1239c36c84c264d683cceafc21e2432b193795be97f101f5ebc88343149c9d3019c377d081c7eb91abb57206548561a21f4fd650bb1f908289d047c2b50e6e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe

Filesize
468KB

MD5
fc97665c9512b06bbda1df36433cf360

SHA1
807c965a24fa31843cafdc1a8f0f472cb7efebf8

SHA256
259f0b400093202a7706e1602e404dbdc64cd3ce1faf8be03a643032857528b2

SHA512
08904bf8d00cb9102b8478fb717002852045b830bdc32991c5f5fbc68724757fe9c3d85983091698edfb3a1541070e8628725978f5e92de3b8d669a04d145dd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe

Filesize
468KB

MD5
1d6a2c18e4174ee2e1fab57641b29b42

SHA1
283fa72ef8c732a3074c0ce1ac8020bbb5066987

SHA256
f5223fadf1bbe2372f84085cb4fec581f265992fdcb2c2a05a8e1f9f1bf4e4f8

SHA512
065e4dd98823278feac453363f5ec7f622e29fd39051fe3835ba80e00b805960c2834519998c96eba587b1f7e7c286a1cf70efce0e51edf6598319088480df6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe

Filesize
468KB

MD5
41ede5cab1687aa0f020979597fb231e

SHA1
0c389309665ca8a532b58f104a2615d4896a6aca

SHA256
889c5558a347832fb8f05b46c92d73e90e646216e9638d270644268fba1173ac

SHA512
1d96943df13c0a6b8827a80edcfb73e94a079041714cf5c7c0668a1e8482608f713e22ca5571d9c5d3eeed2527e17cb43254d2ce76785b919733281335aab2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe

Filesize
468KB

MD5
468f368fb249f95809b7e78e60fb2ace

SHA1
ca968db52b90d62750a39d2b78add5f4413551b0

SHA256
7877ed139775817189487816020e70eb299358ccda270afa70db8b6be72f1dca

SHA512
9d8bf2f7c0412b273f751c11e98239bf4ef56259a409b5ad24eb654d51154e72fef981c219c344d518a67c73d1f63e186c0d08c48466818fc0394773cf255bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe

Filesize
468KB

MD5
6e965e30290ecc584bf40b20fee5d713

SHA1
84703531cd11532ec0c540d0847ea1cee732cca7

SHA256
64072f6fb213b6f859d1703843eaab0c3a56d5055106e27364f0b9940f40a67f

SHA512
9c6f014673a724d41ff3e811a3b6e4c602c5051036ce135f2dc49768402deb94666145f3237955c1937d4433b0392197152f5ff1b4abe7a3b736151ec577cd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe

Filesize
468KB

MD5
bc372233ddf1a7d7b7a61c1a05d87e60

SHA1
06557653b9572a0813a7a9781e0079210a8fa77e

SHA256
cc2c833f942a570a699c057f54486412776db98993a1e38158ba90b5ddb8beea

SHA512
3f197595b3caa75ae11e7d8bab727f6fdb98020502909b5d107910eac803c74f42a0f7d94df8566f77b2b3ab6479da156fd4732253a0e936750646ef9dd23d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe

Filesize
468KB

MD5
53bf4b6e2c3c743b8e6bc6ea8c7f1d09

SHA1
fc167c4c7c407bf398449cf140dacb4c8e4822d1

SHA256
3912cd91d998373d2b0e1ff6d3cfa5a081be9c004dcf995316d822b6b7b41cc0

SHA512
33fcf7b933e1bb8c637d50b8ed1c901ffb084b365b6e3ea235a68a7e1e42d34cd6d768aa0fef3685ff1441b59217501809cf266c1b2a833b7be9b5e9a13a2750

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe

Filesize
468KB

MD5
5a2cd29394abe92d96f5b3fb4a211730

SHA1
240331c25db9c3ae3975f512f930eafff320e98a

SHA256
4aa361b2979774a33be9a8e60030d91b3da19f92ce52720abc6c72f0969243ab

SHA512
8f5e7d48f4f6587abb35f9a626bb962cda03d9fdb75e75711351360300e959b220d386595674e042fbbbc8268f3c5b6b7b3817c7e902e21d8224e72fe0b657de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe

Filesize
468KB

MD5
69fba94b11d1073e24a3db5eef7d2673

SHA1
2f342a0953da39fb4ff1c3b52b2950a44d3d335a

SHA256
afa73d7c259384d8bbbb57d39031b25d5fe6298e5ef7793833692d907fc8a4fb

SHA512
4abc089d7460dc49bc1b3b0d0ac4870f2ce6577f75c38156f420f03ffc4c8a186fbc6a9e33aae9077ebb8a8dd348350d86bd231331d0fb8aadc8764e69842433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe

Filesize
468KB

MD5
fe97df1c2f1fb7c679202e300b73fb18

SHA1
3c6dd514f5d845c1143b801618077e53d8f677eb

SHA256
910c44c7c26c3c84d5370af9444f6b10c710f90d4c4b6e18d62b23ce79c6b9f8

SHA512
dca33fc6d62de3f915bc6ea5847d89861e1a71e25177a1ac25b51befcf10d2e247b8323c3d53ec2f3edccbc0315e9cf1f6994cf9908c6e4e8c8de5b6fb516ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe

Filesize
468KB

MD5
64a21f055cb6637f17eedd70ca3fc722

SHA1
7bd3133d080484fb1e73f3f08b178bbfbe433167

SHA256
b2ef920d913f21277ed6f0f690fe6632afa7016e184847809ca03c193fe4a038

SHA512
220ee225b526b59535da99a9d1c0df9fb2504000f6f365bddb6a894c554686c34513c08fb7b25d7877bd9d0afb72cde036949949b0ab4524ace69e564b21f605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe

Filesize
468KB

MD5
0864db83fe169654fdb7e4758fef4816

SHA1
574b061f4dba4a9a9dbf37c08ccf381c4372a4c5

SHA256
aafa0cc6e200274de9a1388969116f925e008e3fcb2f496d85566f66b49b7260

SHA512
114beadc57fef8a28d84612d0a1338b29e323258da0fab3cf3ed97e669eafd7ea9b5ab604039e01a3a087bd8fb5a50f17fca1e50e141a6edefce75ad91d29047

Download Submit
memory/324-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/428-550-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/552-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/668-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/692-186-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/872-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1012-421-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1180-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1200-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1272-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1296-2513-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1496-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1572-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1636-435-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1652-445-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1860-444-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1888-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-187-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2044-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-531-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-92-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2208-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-294-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-407-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2552-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2600-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-43-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2752-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-311-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-325-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3172-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3268-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3300-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3332-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3444-73-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3452-520-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3456-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3504-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3528-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3548-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3572-529-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3800-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3812-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3840-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3908-181-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3936-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3968-123-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4080-110-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4092-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4120-446-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4188-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4196-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4320-512-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4368-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4376-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4424-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4620-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4704-141-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4708-532-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4716-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4720-514-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4732-138-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4772-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4800-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4804-93-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4808-424-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4912-396-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4916-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4928-425-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4984-530-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5000-222-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5004-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5016-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5032-216-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5116-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5144-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-549-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5228-555-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5428-556-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5440-570-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5452-575-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads