2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956f

Analysis

max time kernel
108s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe
Size

184KB
MD5

f67396a3d95878170a45a3b4bff5c4d0
SHA1

7609641791696a80e06317c9326402f2f70b6d37
SHA256

2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956f
SHA512

0eabbab87ca8e8eb62adbf427bb1fc2747aed41c0a92db85028b248886109d49fc65ecc3860e1b08e16b9a2da2106558d5b1db74e46c82c0c057fb41dfd7e594
SSDEEP

3072:Sus7ufoJ9agTd4xZs6yh86/p+lvnqnxiux:SuhoJJ4xo8op+lPqnxiu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3180	Unicorn-52659.exe
1892	Unicorn-41367.exe
4448	Unicorn-48144.exe
2764	Unicorn-52825.exe
552	Unicorn-28683.exe
1600	Unicorn-44465.exe
2020	Unicorn-38335.exe
4668	Unicorn-54517.exe
704	Unicorn-30567.exe
3284	Unicorn-42265.exe
540	Unicorn-7454.exe
3228	Unicorn-48850.exe
2356	Unicorn-62585.exe
2280	Unicorn-2913.exe
1816	Unicorn-54278.exe
2780	Unicorn-57615.exe
4868	Unicorn-22805.exe
4852	Unicorn-146.exe
1068	Unicorn-17137.exe
2616	Unicorn-30781.exe
1060	Unicorn-26697.exe
1392	Unicorn-26697.exe
1728	Unicorn-22348.exe
2516	Unicorn-22613.exe
3908	Unicorn-40325.exe
4936	Unicorn-43125.exe
4660	Unicorn-29389.exe
3480	Unicorn-29389.exe
1412	Unicorn-28041.exe
3868	Unicorn-17826.exe
2860	Unicorn-52545.exe
1448	Unicorn-28595.exe
4008	Unicorn-5290.exe
4576	Unicorn-46878.exe
3700	Unicorn-3899.exe
184	Unicorn-54491.exe
4492	Unicorn-50407.exe
4024	Unicorn-28516.exe
2032	Unicorn-26214.exe
3764	Unicorn-65181.exe
3852	Unicorn-37147.exe
3248	Unicorn-44761.exe
224	Unicorn-16535.exe
4856	Unicorn-28233.exe
1324	Unicorn-50791.exe
2308	Unicorn-30925.exe
4876	Unicorn-5766.exe
464	Unicorn-11631.exe
1980	Unicorn-8388.exe
1456	Unicorn-8388.exe
4944	Unicorn-35031.exe
4464	Unicorn-9565.exe
1984	Unicorn-220.exe
3344	Unicorn-41807.exe
1208	Unicorn-20732.exe
2460	Unicorn-48659.exe
1508	Unicorn-4496.exe
4988	Unicorn-46084.exe
4312	Unicorn-30874.exe
5092	Unicorn-412.exe
1660	Unicorn-62441.exe
3684	Unicorn-15378.exe
2180	Unicorn-61050.exe
2204	Unicorn-35699.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
3632	3764	WerFault.exe	130
3084	4876	WerFault.exe	137
4440	4876	WerFault.exe	137
5392	5092	WerFault.exe	155
6648	1984	WerFault.exe	143
7152	964	WerFault.exe	183
17164	16124	WerFault.exe	788
17156	16304	WerFault.exe	796
16480	16320	WerFault.exe	797
17192	15692	WerFault.exe	803
16468	16292	WerFault.exe	937
2536	17996	WerFault.exe	891
4956	2908	WerFault.exe	1020
2168	17904	WerFault.exe	881
2148	4816	WerFault.exe	1000

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36527.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 26 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17600	Process not Found
Token: SeChangeNotifyPrivilege	17600	Process not Found
Token: 33	17600	Process not Found
Token: SeIncBasePriorityPrivilege	17600	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe
3180	Unicorn-52659.exe
1892	Unicorn-41367.exe
4448	Unicorn-48144.exe
2764	Unicorn-52825.exe
552	Unicorn-28683.exe
1600	Unicorn-44465.exe
2020	Unicorn-38335.exe
4668	Unicorn-54517.exe
704	Unicorn-30567.exe
2356	Unicorn-62585.exe
3228	Unicorn-48850.exe
540	Unicorn-7454.exe
2280	Unicorn-2913.exe
3284	Unicorn-42265.exe
1816	Unicorn-54278.exe
2780	Unicorn-57615.exe
4868	Unicorn-22805.exe
4852	Unicorn-146.exe
1068	Unicorn-17137.exe
2616	Unicorn-30781.exe
2516	Unicorn-22613.exe
1060	Unicorn-26697.exe
1392	Unicorn-26697.exe
4936	Unicorn-43125.exe
4660	Unicorn-29389.exe
3908	Unicorn-40325.exe
1728	Unicorn-22348.exe
3480	Unicorn-29389.exe
1412	Unicorn-28041.exe
3868	Unicorn-17826.exe
2860	Unicorn-52545.exe
1448	Unicorn-28595.exe
4008	Unicorn-5290.exe
4576	Unicorn-46878.exe
3700	Unicorn-3899.exe
4492	Unicorn-50407.exe
184	Unicorn-54491.exe
4024	Unicorn-28516.exe
2032	Unicorn-26214.exe
3764	Unicorn-65181.exe
3852	Unicorn-37147.exe
3248	Unicorn-44761.exe
224	Unicorn-16535.exe
4856	Unicorn-28233.exe
1324	Unicorn-50791.exe
2308	Unicorn-30925.exe
4876	Unicorn-5766.exe
1208	Unicorn-20732.exe
1456	Unicorn-8388.exe
1980	Unicorn-8388.exe
4464	Unicorn-9565.exe
3344	Unicorn-41807.exe
464	Unicorn-11631.exe
1984	Unicorn-220.exe
4944	Unicorn-35031.exe
2460	Unicorn-48659.exe
1508	Unicorn-4496.exe
4312	Unicorn-30874.exe
5092	Unicorn-412.exe
4988	Unicorn-46084.exe
1660	Unicorn-62441.exe
2180	Unicorn-61050.exe
3684	Unicorn-15378.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 3180	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	84
PID 4792 wrote to memory of 3180	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	84
PID 4792 wrote to memory of 3180	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	84
PID 3180 wrote to memory of 1892	3180	Unicorn-52659.exe	89
PID 3180 wrote to memory of 1892	3180	Unicorn-52659.exe	89
PID 3180 wrote to memory of 1892	3180	Unicorn-52659.exe	89
PID 4792 wrote to memory of 4448	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	90
PID 4792 wrote to memory of 4448	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	90
PID 4792 wrote to memory of 4448	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	90
PID 1892 wrote to memory of 2764	1892	Unicorn-41367.exe	92
PID 1892 wrote to memory of 2764	1892	Unicorn-41367.exe	92
PID 1892 wrote to memory of 2764	1892	Unicorn-41367.exe	92
PID 3180 wrote to memory of 552	3180	Unicorn-52659.exe	93
PID 3180 wrote to memory of 552	3180	Unicorn-52659.exe	93
PID 3180 wrote to memory of 552	3180	Unicorn-52659.exe	93
PID 4448 wrote to memory of 1600	4448	Unicorn-48144.exe	94
PID 4448 wrote to memory of 1600	4448	Unicorn-48144.exe	94
PID 4448 wrote to memory of 1600	4448	Unicorn-48144.exe	94
PID 4792 wrote to memory of 2020	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	95
PID 4792 wrote to memory of 2020	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	95
PID 4792 wrote to memory of 2020	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	95
PID 2764 wrote to memory of 4668	2764	Unicorn-52825.exe	98
PID 2764 wrote to memory of 4668	2764	Unicorn-52825.exe	98
PID 2764 wrote to memory of 4668	2764	Unicorn-52825.exe	98
PID 1892 wrote to memory of 704	1892	Unicorn-41367.exe	99
PID 1892 wrote to memory of 704	1892	Unicorn-41367.exe	99
PID 1892 wrote to memory of 704	1892	Unicorn-41367.exe	99
PID 552 wrote to memory of 3284	552	Unicorn-28683.exe	100
PID 552 wrote to memory of 3284	552	Unicorn-28683.exe	100
PID 552 wrote to memory of 3284	552	Unicorn-28683.exe	100
PID 2020 wrote to memory of 540	2020	Unicorn-38335.exe	101
PID 2020 wrote to memory of 540	2020	Unicorn-38335.exe	101
PID 2020 wrote to memory of 540	2020	Unicorn-38335.exe	101
PID 4448 wrote to memory of 3228	4448	Unicorn-48144.exe	102
PID 4448 wrote to memory of 3228	4448	Unicorn-48144.exe	102
PID 4448 wrote to memory of 3228	4448	Unicorn-48144.exe	102
PID 3180 wrote to memory of 2356	3180	Unicorn-52659.exe	103
PID 3180 wrote to memory of 2356	3180	Unicorn-52659.exe	103
PID 3180 wrote to memory of 2356	3180	Unicorn-52659.exe	103
PID 4792 wrote to memory of 2280	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	104
PID 4792 wrote to memory of 2280	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	104
PID 4792 wrote to memory of 2280	4792	2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe	104
PID 1600 wrote to memory of 1816	1600	Unicorn-44465.exe	105
PID 1600 wrote to memory of 1816	1600	Unicorn-44465.exe	105
PID 1600 wrote to memory of 1816	1600	Unicorn-44465.exe	105
PID 4668 wrote to memory of 2780	4668	Unicorn-54517.exe	106
PID 4668 wrote to memory of 2780	4668	Unicorn-54517.exe	106
PID 4668 wrote to memory of 2780	4668	Unicorn-54517.exe	106
PID 704 wrote to memory of 4868	704	Unicorn-30567.exe	107
PID 704 wrote to memory of 4868	704	Unicorn-30567.exe	107
PID 704 wrote to memory of 4868	704	Unicorn-30567.exe	107
PID 1892 wrote to memory of 4852	1892	Unicorn-41367.exe	108
PID 1892 wrote to memory of 4852	1892	Unicorn-41367.exe	108
PID 1892 wrote to memory of 4852	1892	Unicorn-41367.exe	108
PID 2764 wrote to memory of 1068	2764	Unicorn-52825.exe	109
PID 2764 wrote to memory of 1068	2764	Unicorn-52825.exe	109
PID 2764 wrote to memory of 1068	2764	Unicorn-52825.exe	109
PID 2356 wrote to memory of 2616	2356	Unicorn-62585.exe	110
PID 2356 wrote to memory of 2616	2356	Unicorn-62585.exe	110
PID 2356 wrote to memory of 2616	2356	Unicorn-62585.exe	110
PID 2280 wrote to memory of 1060	2280	Unicorn-2913.exe	111
PID 2280 wrote to memory of 1060	2280	Unicorn-2913.exe	111
PID 2280 wrote to memory of 1060	2280	Unicorn-2913.exe	111
PID 3228 wrote to memory of 1392	3228	Unicorn-48850.exe	112

C:\Users\Admin\AppData\Local\Temp\2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe
"C:\Users\Admin\AppData\Local\Temp\2f4d872a8129afe58de19cfc307c14ea2232efc70d15e3e3e3330fa6834d956fN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        10⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        10⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        10⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        10⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64247.exe
        10⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        9⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        10⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        9⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        9⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        9⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        10⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        10⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        9⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        9⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        8⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        8⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        10⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        9⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        9⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58931.exe
        9⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        9⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        10⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        9⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        9⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        9⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        9⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34903.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        8⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        8⤵
        
        PID:17668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47863.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        6⤵
        Executes dropped EXE
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        8⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        9⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        9⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        8⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62682.exe
        7⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63712.exe
        6⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        7⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        7⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
        6⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61268.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        10⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        9⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        9⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        9⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        9⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        8⤵
        
        PID:16440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        8⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        7⤵
        
        PID:17996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17996 -s 460
        8⤵
        Program crash
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        6⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        7⤵
        
        PID:16320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16320 -s 436
        8⤵
        Program crash
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        7⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        8⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        7⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        6⤵
        
        PID:16304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16304 -s 176
        7⤵
        Program crash
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23355.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        7⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        7⤵
        
        PID:17904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17904 -s 496
        8⤵
        Program crash
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        6⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62611.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        6⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        6⤵
        
        PID:17412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        6⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14781.exe
        5⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
        5⤵
        
        PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        10⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        9⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        9⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        9⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        9⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        8⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        8⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        8⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
        9⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        7⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        9⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
        6⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        8⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23629.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        7⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        7⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        7⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21553.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
        8⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
        7⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23140.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        6⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46005.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
        8⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        8⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        7⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        7⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        5⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
        6⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55840.exe
        5⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35943.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        7⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        5⤵
        
        PID:17644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        6⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        6⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        6⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 80
        7⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        5⤵
        
        PID:17488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
      4⤵
      PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        8⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        7⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41685.exe
        7⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        7⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10438.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        7⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
        7⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        7⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        7⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 248
        8⤵
        Program crash
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
        7⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        6⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        5⤵
        
        PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        6⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        8⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        8⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10054.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        7⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        7⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
        7⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        6⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        5⤵
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 484
        5⤵
        Program crash
        
        PID:3084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 492
        5⤵
        Program crash
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        6⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        6⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        5⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        5⤵
        
        PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
      4⤵
      PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        5⤵
        
        PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
      4⤵
      PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
      4⤵
      PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
      4⤵
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 484
        6⤵
        Program crash
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        7⤵
        
        PID:12876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
        5⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        5⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        5⤵
        
        PID:18248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        7⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        6⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        6⤵
        
        PID:17588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        6⤵
        
        PID:12568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        5⤵
        
        PID:13052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        6⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        6⤵
        
        PID:14912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
      4⤵
      PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
      4⤵
      PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61175.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        7⤵
        
        PID:16760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 656
        6⤵
        Program crash
        
        PID:7152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 632
        5⤵
        Program crash
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
      4⤵
      PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63129.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61493.exe
        6⤵
        
        PID:18004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        5⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      4⤵
      PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
      4⤵
      PID:15560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        6⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        7⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        7⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        6⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34894.exe
        5⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
      4⤵
      PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
      4⤵
      PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
      4⤵
      PID:17320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
    3⤵
    PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      4⤵
      PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
      4⤵
      PID:17324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
    3⤵
    PID:9864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
    3⤵
    PID:14200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
    3⤵
    PID:18264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16507.exe
        8⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        7⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        7⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        8⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        7⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        7⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        6⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        6⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        8⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        6⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        7⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        6⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        7⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 632
        6⤵
        Program crash
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33341.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        5⤵
        
        PID:16124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16124 -s 212
        6⤵
        Program crash
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        7⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        7⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        6⤵
        
        PID:13664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        6⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        6⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36313.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
        5⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        6⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
      4⤵
      PID:14984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        7⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        7⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        6⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        5⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        7⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        7⤵
        
        PID:14764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        7⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        7⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        6⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        5⤵
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        6⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        5⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        5⤵
        
        PID:17420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      4⤵
      PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
      4⤵
      PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
      4⤵
      PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        6⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        6⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        5⤵
        
        PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40563.exe
        5⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        6⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        5⤵
        
        PID:15692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15692 -s 464
        6⤵
        Program crash
        
        PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
      4⤵
      PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
      4⤵
      PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
      4⤵
      PID:16292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16292 -s 276
        5⤵
        Program crash
        
        PID:16468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        6⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
        7⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        5⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        5⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
      4⤵
      PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
      4⤵
      PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
      4⤵
      PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
    3⤵
    PID:7572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
    3⤵
    PID:11920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
    3⤵
    PID:15868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
    3⤵
    PID:5052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56793.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        7⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        6⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        7⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        5⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        6⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        5⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        5⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5268.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        6⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32844.exe
        5⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        6⤵
        
        PID:17460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        6⤵
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        5⤵
        
        PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        5⤵
        
        PID:17772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        5⤵
        
        PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
      4⤵
      PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11948.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
      4⤵
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        5⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
        6⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
      4⤵
      PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
      4⤵
      PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        5⤵
        
        PID:15252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37103.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
    3⤵
    PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
    3⤵
    PID:10200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
    3⤵
    PID:13324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
    3⤵
    PID:15852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
    3⤵
    PID:16796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        5⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        5⤵
        
        PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
        6⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        5⤵
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        5⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      4⤵
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36055.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
      4⤵
      PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19845.exe
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
      4⤵
      PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
      4⤵
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        5⤵
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      4⤵
      PID:17984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14503.exe
    3⤵
    PID:10960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
    3⤵
    PID:15784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
    3⤵
    PID:17496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55041.exe
      4⤵
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        6⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
      4⤵
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
      4⤵
      PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
      4⤵
      PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
      4⤵
      PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
      4⤵
      PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
    3⤵
    PID:10108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:13356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
    3⤵
    PID:17528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
      4⤵
      PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14317.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
      4⤵
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
      4⤵
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59485.exe
      4⤵
      PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
    3⤵
    PID:16152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
    3⤵
    PID:5276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
  2⤵
  PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36797.exe
      4⤵
      PID:18216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
    3⤵
    PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
    3⤵
    PID:17192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
    3⤵
    PID:18412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
  2⤵
  PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
    3⤵
    PID:15848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
  2⤵
  PID:6576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
  2⤵
  PID:13288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
  2⤵
  PID:18396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3764 -ip 3764
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4876 -ip 4876
1⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4876 -ip 4876
1⤵
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5092 -ip 5092
1⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1984 -ip 1984
1⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 964 -ip 964
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 16124 -ip 16124
1⤵
PID:15816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 16304 -ip 16304
1⤵
PID:16892

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 17904 -ip 17904
1⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 14864 -ip 14864
1⤵
PID:18012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 17192 -ip 17192
1⤵
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4816 -ip 4816
1⤵
PID:18292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe

Filesize
184KB

MD5
4e003f1db3fa1bb58a9d42fd7bb34f68

SHA1
2a6c7fd692d64d08d62d9d007b0b3f6e743f4620

SHA256
9f2417c2d4265d226eaaf8d81e59e106dfd887cbc9fa83ed0267e7d7b9d61d7b

SHA512
1ca2082c123b54c337db54dc63d1032de2a5a08ebfc9d922d0c2274cf32ab2b1c78b3b25380a64224297ca46a024f38257d1317accbb3a9e3a637ea6cba7dcb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe

Filesize
184KB

MD5
af6bdcfaef37e3ba358630c53a53e4a4

SHA1
5ee93899ba771193ce00416c624f09eddfe5f8d8

SHA256
2ba06d1eb0c4378731bdc047a2d80a14970c2556a13040e37b27f7fbf02867a9

SHA512
6c75952d74982c2a0ad5d1d9728b4c88706cbab262f7a96b3a83246c8e84c25e39df10612496f300b066374141d5196b2206c271c7b763116bc9fca89536d513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe

Filesize
184KB

MD5
796ce317bc7a171906d156182999cb57

SHA1
d28be1b88569311753e498458167e63babb83340

SHA256
a0438928a5df14b96df270e2c5ee3aec3bdb9c8edab03e92263c04f04bad9aaa

SHA512
94582349e6db9e22feb270029b390203a7ab65b63e242c6ad5adaef95cefc8d7c3bb57939fc3b12881ebbd887150a39139e6e935b21b786aca163d8c4db28643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe

Filesize
184KB

MD5
16bb1c3af7b3c4d04a828c946ad2bfe4

SHA1
d2633be7b59c8be995225af6e5135426a49abb7e

SHA256
c7d15fe236bdd0053c2052f1b7e9fb447331f01abde4ee1c7a1fa424158696da

SHA512
541839020c3d573efb57545c9cf71825f8ae307275a65f022d4fa3e2ea526b684fab5455b31c803693c998f8214edfca5011ec35f5e96e8f77565c348360e4d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe

Filesize
184KB

MD5
a0eef03983a1a6249ff0214ffdb51b3f

SHA1
db2cc78bee2b5c81dec6293d9a7d67acf41604df

SHA256
8d54040764591945f90db696c8acb4577a31e514a3f2900b4c6d6bc6a635f4b6

SHA512
22d8b251ae7bfbcc7ee179ba332d63ed091fa9ff1b89b21e1661e759aa112d7fcd59164968f3d4f6d264fa855a03294de4bf6be9f33d5ad2a9ec42d17cd89eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe

Filesize
184KB

MD5
f6fb361442eb064dbc4bf0e418c5153e

SHA1
eb37f1c6fa6dcb5b7247a48c57d3ed8fbdfefcb7

SHA256
5dc288313d3dabff55f6f926a0a909ea7953165c019f723ec3f6ce981e6cc36d

SHA512
9fe08f8790fef2297faf8e816520d6a46554001a79d660a3589d91e630cc481e3e71953c1a306d223004d6a2d03de68c0fe1f693f6a25d82babca7c3c5131e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe

Filesize
184KB

MD5
c9fb3a8eee2f1e08cec9e604017f4f8c

SHA1
c88ebb1c45ad5d48cf6816bba23ef1c552445db4

SHA256
43e87622cd9bc679b75e21ff11b5b083b1a1cda1f141e2c15d17c8b630d263f0

SHA512
1093f7dde5e412d549949fed67431796e16c22fdfd87d9fe52b3accef05b4c9f06cabf506845edda3be56fe9b5359596c1f806a567e35f98c06865eece81171e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe

Filesize
184KB

MD5
0e2d19983f37c936877a475938a7fff5

SHA1
2d391bf85060506b37b8f9055eeab825df729edd

SHA256
fb0f1ff31d6518b20bd8445dc4d22df020afa5aeb4ecf4fad2fd8ddecdeec190

SHA512
9a949d5e50080fc1be3ce4c43073d4ac74bbbe3267e1ff43910bae80d22faa27b89525024fdace3a26e8e546454cc946154edccc713d3ea76c85c671f981c934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe

Filesize
184KB

MD5
0733b462fe56d525cfa43f3f0cf0b3ef

SHA1
b07ec4f9925f3fd910695eb1cc3b38607eefe9e3

SHA256
bf7cca50a74019c6828e31c0388aafdf07ec2a48cac0b8f066375b422c775154

SHA512
e97314ebd2dc507384b9b7d537e128f13fc413eb989332a1e8b53a7e0fec174c48b4c7f8e546ec233aef77f0bc67342028c722de406f4da1686b3e677e726309

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe

Filesize
184KB

MD5
15a0f679bfc9a449da7e900838e0e63d

SHA1
be6d4be0bb47eea229f5604b62da4e921c41682c

SHA256
9fccd5108540bc50bf3e412d3a3acf5938d913de8af8a28a1821a8f56a871804

SHA512
2b86281781363867c59418266ac52ef44f55ee3b1587a871eb1dd32fb035e623f104fd8da3caf22519401a425d2d441854d94cbe5faa1df77cf0449f49dae987

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe

Filesize
184KB

MD5
fda513e9b8c93670d99c26703916df17

SHA1
04e28ebfd8821a99be2b963091f35b788f53ff2d

SHA256
6592d797c131c2eef5f57cc59e710188f1b23366ef8036d2c3f6e797bfc7405e

SHA512
03d5b9217eb50965d44f756088c161eca7cf22063ca850184fad252d0115b63b22b62f634ad7f779a01873852a2b4f1508b76835f9410005988c06cc8bb66570

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe

Filesize
184KB

MD5
887c0ede8984769d8c63c7168364a5b0

SHA1
5cd269bee22c21d678b256c4eb4b3423bbd5917f

SHA256
e6a7881e99b748eb0b0cb65ebe30167edf83a0c82c2e2240af7fdcec4440e0d6

SHA512
f1857b2a44146a07f334fb4261f5f89a9043162a1ec36ff35d60e57856e1aca516757ac2abc1a800e8139152697afc2dcc4abbce8f603eb6fe50d69d4efcaf9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe

Filesize
184KB

MD5
a4436dfbf19448a567e26af47f03178a

SHA1
44e6f71d29d305db754d4a8c58f1d2785213c745

SHA256
e0aa12938bf7c074fb09774d43350a3b06bf575d6dbaabc019142a95638886f2

SHA512
f9c4b8c47253849d81c9fe5f2cdbcc62b83be976585a431c0221b0a5f262c6fda67ae6455125c38dd52e7f1192136929617084a9fc5c02ddcb3eeb0bed0e62b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe

Filesize
184KB

MD5
645e9b92dcdde42310e758716a1e7e47

SHA1
e00509b5dba02d1185eda5abc7c75a29b197b332

SHA256
823339653593a9f5ec98268c1e0a8cd1653c6b0ea2f10d56778a6d47c49e3b19

SHA512
6a7b210f103a3a0786fd6d5cc3080793a0a9b791aab41a0c609e893480a0baf732c13e0594d523cabac5b40a81cbcaa47207a7ec8163c1058a0e503e529de319

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe

Filesize
184KB

MD5
438fffcabc8a52464c05929058149ee2

SHA1
02ae17604ea74d4aff6b77404c80e8dffad8b265

SHA256
28e8a922585667c7fc9b74794dcfe010051034344436c09dba7832e6d9768eec

SHA512
ac630421634b7ab4e6c2b4fcb4fec8b2bd80fd3b2bb5c182ca533d9234bb17d9f833934b15c54e2029f7f5f426eb7d02650a240ae0697af755826ae2c57a6c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe

Filesize
184KB

MD5
584e734165c5b73949ecddfbc1f2eba4

SHA1
353e931113b54a2fa44547c7af3e4acb3a95e297

SHA256
07f76f6b0953ebe53daf4896a8192c65b66a96997c427458ddebc6265df9b7d0

SHA512
de15904e8e9a53d09d6a4a0836a8ffb99e0bd436ad3936b0089ff7ff8a29267a098ac417513984cb52ef6db504c1b89e4838ad5b6b51c7ebcaac9e7cfe9534c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe

Filesize
184KB

MD5
29e577fe33bd0e61699619db6c25323a

SHA1
6cd528d5a576c43e4e8ea0802da77abbbacdaa42

SHA256
1fe32e5767d4502e1cc40157b88f9683674f0c8f11e66f9c5dcb2b3b7f5350ef

SHA512
d729c5fd0fbc9ec8074c73e54ffcbd2db0483b31513274a67f512cb6680513bd4ab18f681656860aa0e3163f0a25c4593dadaf07067b78b1fc31097d2e824b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe

Filesize
184KB

MD5
acefe56386768db2faee0846323e515a

SHA1
665e89c5e6dff42f94eeb8b6795d7f23ef5c17ad

SHA256
29243584ea9ad8d2af327b266f82a98178e213f5e9b117f45e7bd50ef85efd2e

SHA512
cb0b56f582e03c6ea65726256426835aa27260253435444fa9eb958d0bac18a11b2b2ff2d2460600a02da0cf483f691f6af3ab668ca65a5ec67706ef580ad50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe

Filesize
184KB

MD5
3232c698336e924b25fde03072fcd6b3

SHA1
293b243eb7de2b0918cd06b660734ea64a8cde40

SHA256
886f57e4a0ce8759fafe42fb7810a88991ae20adf8759c588e8a8a51833159f9

SHA512
0f82821ae3e9404113d3d66ea9ec68d07591862fd0fd56837ffc7cda49a41f3a4b805574f041c5e10d6346ec0c1ae65bb3e38c6e96645c5ad2c5418609ca831c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42265.exe

Filesize
184KB

MD5
3b5c093bbfd5c572a6a39db2899e38eb

SHA1
565cf2d2b89e662a97c4cf2a712bbb006c5abe65

SHA256
56b6d7fc1892be5039e29246425cbc760fd22067c092d7cb1f5fbcc33eed6184

SHA512
438be8a9445971419619c2bea24bf61ec7ee1f1e6fb9bcf7439445a5d42a462dd88a1046f131f900be6aa2ebb27ed86de4b61cf70b2b3580aa9c26e4d4a970cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe

Filesize
184KB

MD5
6068406f13ba37fc0d5c186554d636b8

SHA1
3690f7ad941504991966f2c49bf97ceda4a390bc

SHA256
94ef5644c9447522c5d3ab040a5432dab7a1913fb2267574e7500c0fb2aedd2d

SHA512
c167bef7f7f555698829773eaf203cbc98a7bf4365ab2da03684fab889a719e793ef19a53b7367ed509a7fbaa6f07798684d7910ac155944a725440fce4b4c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe

Filesize
184KB

MD5
e392214539d5784a3daf4b10b013d18a

SHA1
f742e8a711e431345f53c478b65dbe73df66be6f

SHA256
acede8d0a2848aa09f3f96333c1296ca6dbec1ba68cf6b1a57e11f300567cea9

SHA512
6d2fcbd368b47941f94767571229a4d205c470b1d59dd5d1b8378b8ae8d06e4cf1cbd00af1eda00ddd40aa71591e8b9842609ef9104f5ea324c92963d9887083

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe

Filesize
184KB

MD5
980957923626e273fdb0748ba6435703

SHA1
3f18e6c62fd747d0d370cc77f52ae0cb94d78aca

SHA256
151ae56e1c57037abc9897ffeb9954d378527f3cedb95ea1867766ad001270fc

SHA512
8ecd19f33cedccf5df37f6f1b5e6599828de745bb515101e7f9c029824fac66b6425cdc44a631bf7dcbd961404b668e3b8a7ca115256dd00e32a54535dfeb850

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe

Filesize
184KB

MD5
1e4b4d80ef0db1cc7e137289de413bc0

SHA1
6d9a775c5efadfbe97197812ba4bac94a020a1a9

SHA256
baf59afbb7fdd0d0db97c95aa1f71d640c2df04f707f6df8a86eb8e748d0c407

SHA512
97a5110fba854c6ea7e06967441ba63504866230f0ae70f9f63924f8af16f6d91b8cc6483d3399733af6eb45e0c786538cb33c6df4e51645d8bb371abd520255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe

Filesize
184KB

MD5
7d6f881a0fb5f2bae1e4fc84c5acab7a

SHA1
6538e27dd7bf80c8abe5940d3cd2b79f521145a7

SHA256
78b187c704b059e7f977e2dbce026ad7d4673acb17b44c6df8a3d0358e6f1228

SHA512
7619d669fbe1e4151ccf54e989577c39011d8a22dedd8136bd386ea981b1b22ab8ed9998962862598e9b69d9afd597a1adf7df86f264d4222e5201a97140409b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe

Filesize
184KB

MD5
276de2421b83a0dab353f2cc1cb9dbe3

SHA1
ff62fdae64c526018e74749d6176245641e58b85

SHA256
528639d853e086d71dc047930930976d0b32988573314dadc7e67c7b19876855

SHA512
ff6f7213da346af47d54fdec4e13e9fc3d1381c7398ddcaae0dff1824d6b943f1714688ea05f5cce0da830ce46e04b796b08847db2bec2a9408e872778c57f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe

Filesize
184KB

MD5
3a0e8a25004d698f1418bb7054d45b9d

SHA1
3d5e0593b4b79ac13a572466135602fe4650b183

SHA256
50a55a15a8ee4bbeea1182262e0ef16236326db8640cc56049e1ad570a37c65b

SHA512
4412d72e2263e631985d915ca76fb2a0fc35718057f6e911820d941fec93ddf4199fd44322a14a2532023d41d51ab756b0f92dc9b735438d4dcedba00406e418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe

Filesize
184KB

MD5
211d52b278ddb9aa952e05ee0fb25618

SHA1
50d53cd0bccd4abbd2f08a7d97925fc5180b2f74

SHA256
38ed5eafd3e6d076b3282099a251b5c084997d35cbe8a95c56eafc9f040661e0

SHA512
cb0467d08ec5c47f36eb459063433b1582b53347b801ff2fb919769186215467f5002a4bd9b820ccc1d89530be64b16781a75eda18bebd1c7c716315901f3749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe

Filesize
184KB

MD5
9424a9994aeff8b98c739bef36fb4ded

SHA1
4740f431d46efa39ba1d8c222aad6e61dde77d6c

SHA256
64d42eaddce5fe041f735180544c56c1cd07bc2a7f48b6ba74f64f9d61d36d65

SHA512
ffb2b44a261ed0e9efdc51d9249cc577491e22ac3bed6a4bebce686a31fd0805fd2770fd91d09aa02fc0b7203bd2f6bf23b6eec1478b7e13a194bb44b6ac6f08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe

Filesize
184KB

MD5
5019f3cf4f891200e1b6145d9ccb2648

SHA1
bb6851ca9a820693d6a207fb1c836a18d5713d25

SHA256
b32788f6859d5774912b7641a685bfd452a9f2e189dc6b9aca7ea67d0bdc2827

SHA512
07a2d6924fd2d9a57634b9a4226a988cdd8a09de1e1f802ce26aa396cb20ea85ec2b7b3c146ab0d4386b666ff77825c3c6c940139b5d6079679bb1573c998168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe

Filesize
184KB

MD5
c9a08215b83964e4480fe9ceb30d75fa

SHA1
275f9227d756f7693b5637481ae31e1dce3f6266

SHA256
40880d5b57a75b565e6022e1ecdd404c4c10e526a4144a8fdb27e908c45fc8ae

SHA512
d751e78bedcb96a25baa751598e7c4306d9d3764eb67bb254c5c58a6e70ffaab0f5db07d42fc7a6dcecf651bc164135436bb997b4ba6f0324aab94472108f698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe

Filesize
184KB

MD5
73e482c74231c3f651d6a07faad19d4d

SHA1
2548fd4ffc17ee87560ab9957046645e20551a50

SHA256
9cc4b0427cee93860df710312beba0a8ad53e359a81a15efe72dd744f54f9d94

SHA512
b44120149958604419dac4efd5fce2a516f0caee8c038845d17c4b200c90921541cfa09064ca094c152966f4cb35dde2120601ae5e77f1a073b5ba660b62c536

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe

Filesize
184KB

MD5
e6aaeb237e9507a5e2f5585c97db7537

SHA1
465c53a2de1e54e0146fb7f8f3bd645caa617fd9

SHA256
0f6101491aa3e4892ceb9b8cad3f4c747dd0e677ee1e98b0cbffabb4ddf213ba

SHA512
188a51c5919df37232b60672ae60d0ba890b4978b83b60d3e1eda3c84a657c5a425f09ebea76af23a01be019a4c80d10f04945524d5c1979f9b2cafdeb1c947b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads