a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8de

Analysis

max time kernel
120s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe
Size

468KB
MD5

999dbfd785879d6df31a82812573fed0
SHA1

56c51f0cbbc64c2f194653262fb72860e2ae879c
SHA256

a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8de
SHA512

9e143129c7206520e312a9ed56a0d746666c3e30828e91c282ae4129ed9e0a5ce7097336f6eb4b6876df6db6a7e9abb300e24b2db7ba56655de0ac715f23b170
SSDEEP

3072:OQoHogCKI05QtbYJHzcOcfr/GChzs099nLHeaVqdZwuLOXDg/Olq:OQIol8QtOH4OcfyMQnZwQsDg/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3156	Unicorn-41030.exe
4664	Unicorn-65158.exe
3412	Unicorn-61629.exe
428	Unicorn-49694.exe
2204	Unicorn-493.exe
4752	Unicorn-46165.exe
1496	Unicorn-2531.exe
2064	Unicorn-19814.exe
3620	Unicorn-16284.exe
2328	Unicorn-60654.exe
816	Unicorn-60654.exe
4232	Unicorn-3285.exe
2100	Unicorn-48957.exe
4540	Unicorn-13491.exe
2524	Unicorn-11188.exe
3440	Unicorn-65070.exe
3128	Unicorn-6171.exe
1896	Unicorn-27908.exe
3036	Unicorn-23462.exe
1796	Unicorn-39533.exe
2312	Unicorn-62486.exe
3384	Unicorn-15323.exe
1700	Unicorn-4925.exe
4904	Unicorn-50597.exe
3048	Unicorn-31467.exe
5112	Unicorn-13093.exe
4708	Unicorn-17732.exe
4844	Unicorn-24142.exe
1500	Unicorn-36948.exe
2976	Unicorn-56814.exe
3400	Unicorn-32118.exe
4340	Unicorn-25987.exe
4384	Unicorn-6652.exe
3700	Unicorn-63373.exe
2468	Unicorn-63373.exe
3316	Unicorn-36076.exe
468	Unicorn-62797.exe
4244	Unicorn-17126.exe
4832	Unicorn-50758.exe
2988	Unicorn-65372.exe
4164	Unicorn-25102.exe
2956	Unicorn-55013.exe
4012	Unicorn-50182.exe
3208	Unicorn-25221.exe
4860	Unicorn-13788.exe
4884	Unicorn-49990.exe
808	Unicorn-19948.exe
4148	Unicorn-47717.exe
5076	Unicorn-58380.exe
4788	Unicorn-25486.exe
4548	Unicorn-23478.exe
2696	Unicorn-39814.exe
2644	Unicorn-58188.exe
2768	Unicorn-59606.exe
1116	Unicorn-10405.exe
4472	Unicorn-34910.exe
2836	Unicorn-52900.exe
4756	Unicorn-33758.exe
2436	Unicorn-13892.exe
2828	Unicorn-59030.exe
1972	Unicorn-17998.exe
3092	Unicorn-22636.exe
4888	Unicorn-25974.exe
3640	Unicorn-11749.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
4368	2468	WerFault.exe	125
3476	3700	WerFault.exe	124
7340	5436	WerFault.exe	239
8056	5488	WerFault.exe	240
7932	7056	WerFault.exe	275
7592	7064	WerFault.exe	276
12040	5252	WerFault.exe	235
12020	5492	WerFault.exe	237
11968	5264	WerFault.exe	238
13272	1376	WerFault.exe	236
11720	5492	WerFault.exe	237
16360	8128	WerFault.exe	358
3680	5252	WerFault.exe	235
14872	5264	WerFault.exe	238
17348	8236	WerFault.exe	367

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3388.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16684	dwm.exe
Token: SeChangeNotifyPrivilege	16684	dwm.exe
Token: 33	16684	dwm.exe
Token: SeIncBasePriorityPrivilege	16684	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe
3156	Unicorn-41030.exe
4664	Unicorn-65158.exe
3412	Unicorn-61629.exe
2204	Unicorn-493.exe
428	Unicorn-49694.exe
1496	Unicorn-2531.exe
4752	Unicorn-46165.exe
2064	Unicorn-19814.exe
3620	Unicorn-16284.exe
4540	Unicorn-13491.exe
816	Unicorn-60654.exe
2100	Unicorn-48957.exe
2328	Unicorn-60654.exe
4232	Unicorn-3285.exe
3440	Unicorn-65070.exe
3128	Unicorn-6171.exe
1896	Unicorn-27908.exe
3036	Unicorn-23462.exe
1796	Unicorn-39533.exe
2312	Unicorn-62486.exe
3384	Unicorn-15323.exe
4708	Unicorn-17732.exe
5112	Unicorn-13093.exe
1700	Unicorn-4925.exe
4904	Unicorn-50597.exe
3048	Unicorn-31467.exe
4844	Unicorn-24142.exe
2976	Unicorn-56814.exe
1500	Unicorn-36948.exe
4340	Unicorn-25987.exe
4384	Unicorn-6652.exe
3400	Unicorn-32118.exe
2468	Unicorn-63373.exe
3700	Unicorn-63373.exe
3316	Unicorn-36076.exe
4244	Unicorn-17126.exe
4832	Unicorn-50758.exe
2988	Unicorn-65372.exe
468	Unicorn-62797.exe
2956	Unicorn-55013.exe
4164	Unicorn-25102.exe
4012	Unicorn-50182.exe
3208	Unicorn-25221.exe
4860	Unicorn-13788.exe
4884	Unicorn-49990.exe
4148	Unicorn-47717.exe
4548	Unicorn-23478.exe
808	Unicorn-19948.exe
2696	Unicorn-39814.exe
2644	Unicorn-58188.exe
4788	Unicorn-25486.exe
5076	Unicorn-58380.exe
2768	Unicorn-59606.exe
1116	Unicorn-10405.exe
4472	Unicorn-34910.exe
2836	Unicorn-52900.exe
4756	Unicorn-33758.exe
2828	Unicorn-59030.exe
2436	Unicorn-13892.exe
1972	Unicorn-17998.exe
3092	Unicorn-22636.exe
3640	Unicorn-11749.exe
4888	Unicorn-25974.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 3156	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	88
PID 116 wrote to memory of 3156	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	88
PID 116 wrote to memory of 3156	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	88
PID 3156 wrote to memory of 4664	3156	Unicorn-41030.exe	90
PID 3156 wrote to memory of 4664	3156	Unicorn-41030.exe	90
PID 3156 wrote to memory of 4664	3156	Unicorn-41030.exe	90
PID 116 wrote to memory of 3412	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	91
PID 116 wrote to memory of 3412	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	91
PID 116 wrote to memory of 3412	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	91
PID 4664 wrote to memory of 428	4664	Unicorn-65158.exe	94
PID 4664 wrote to memory of 428	4664	Unicorn-65158.exe	94
PID 4664 wrote to memory of 428	4664	Unicorn-65158.exe	94
PID 3412 wrote to memory of 2204	3412	Unicorn-61629.exe	96
PID 3412 wrote to memory of 2204	3412	Unicorn-61629.exe	96
PID 3412 wrote to memory of 2204	3412	Unicorn-61629.exe	96
PID 3156 wrote to memory of 4752	3156	Unicorn-41030.exe	95
PID 3156 wrote to memory of 4752	3156	Unicorn-41030.exe	95
PID 3156 wrote to memory of 4752	3156	Unicorn-41030.exe	95
PID 116 wrote to memory of 1496	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	97
PID 116 wrote to memory of 1496	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	97
PID 116 wrote to memory of 1496	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	97
PID 2204 wrote to memory of 2064	2204	Unicorn-493.exe	98
PID 2204 wrote to memory of 2064	2204	Unicorn-493.exe	98
PID 2204 wrote to memory of 2064	2204	Unicorn-493.exe	98
PID 3412 wrote to memory of 3620	3412	Unicorn-61629.exe	99
PID 3412 wrote to memory of 3620	3412	Unicorn-61629.exe	99
PID 3412 wrote to memory of 3620	3412	Unicorn-61629.exe	99
PID 428 wrote to memory of 2328	428	Unicorn-49694.exe	101
PID 428 wrote to memory of 2328	428	Unicorn-49694.exe	101
PID 428 wrote to memory of 2328	428	Unicorn-49694.exe	101
PID 1496 wrote to memory of 816	1496	Unicorn-2531.exe	100
PID 1496 wrote to memory of 816	1496	Unicorn-2531.exe	100
PID 1496 wrote to memory of 816	1496	Unicorn-2531.exe	100
PID 4752 wrote to memory of 4232	4752	Unicorn-46165.exe	103
PID 4752 wrote to memory of 4232	4752	Unicorn-46165.exe	103
PID 4752 wrote to memory of 4232	4752	Unicorn-46165.exe	103
PID 4664 wrote to memory of 2100	4664	Unicorn-65158.exe	102
PID 4664 wrote to memory of 2100	4664	Unicorn-65158.exe	102
PID 4664 wrote to memory of 2100	4664	Unicorn-65158.exe	102
PID 3156 wrote to memory of 4540	3156	Unicorn-41030.exe	105
PID 3156 wrote to memory of 4540	3156	Unicorn-41030.exe	105
PID 3156 wrote to memory of 4540	3156	Unicorn-41030.exe	105
PID 116 wrote to memory of 2524	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	104
PID 116 wrote to memory of 2524	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	104
PID 116 wrote to memory of 2524	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	104
PID 2064 wrote to memory of 3440	2064	Unicorn-19814.exe	106
PID 2064 wrote to memory of 3440	2064	Unicorn-19814.exe	106
PID 2064 wrote to memory of 3440	2064	Unicorn-19814.exe	106
PID 116 wrote to memory of 3128	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	107
PID 116 wrote to memory of 3128	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	107
PID 116 wrote to memory of 3128	116	a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe	107
PID 2204 wrote to memory of 1896	2204	Unicorn-493.exe	108
PID 2204 wrote to memory of 1896	2204	Unicorn-493.exe	108
PID 2204 wrote to memory of 1896	2204	Unicorn-493.exe	108
PID 4540 wrote to memory of 3036	4540	Unicorn-13491.exe	109
PID 4540 wrote to memory of 3036	4540	Unicorn-13491.exe	109
PID 4540 wrote to memory of 3036	4540	Unicorn-13491.exe	109
PID 3156 wrote to memory of 1796	3156	Unicorn-41030.exe	110
PID 3156 wrote to memory of 1796	3156	Unicorn-41030.exe	110
PID 3156 wrote to memory of 1796	3156	Unicorn-41030.exe	110
PID 3620 wrote to memory of 2312	3620	Unicorn-16284.exe	111
PID 3620 wrote to memory of 2312	3620	Unicorn-16284.exe	111
PID 3620 wrote to memory of 2312	3620	Unicorn-16284.exe	111
PID 3412 wrote to memory of 3384	3412	Unicorn-61629.exe	112

C:\Users\Admin\AppData\Local\Temp\a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe
"C:\Users\Admin\AppData\Local\Temp\a439340a8beb69c8a90c7ebe1b445594945827fe1716d355c1002be49796e8deN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 728
        7⤵
        Program crash
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        7⤵
        
        PID:14036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        6⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        9⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        9⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        9⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        8⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        8⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        7⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        9⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        9⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14323.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        6⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        6⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37318.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43379.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 636
        6⤵
        Program crash
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        7⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        7⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32572.exe
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        7⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        5⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        9⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        7⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        6⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        6⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        6⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        6⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        5⤵
        
        PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        5⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        8⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 764
        7⤵
        Program crash
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 764
        7⤵
        Program crash
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        6⤵
        
        PID:13036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45133.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41652.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        5⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7644.exe
        6⤵
        
        PID:19440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        5⤵
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
      4⤵
      PID:11524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
      4⤵
      PID:15752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        9⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        9⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
        8⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        7⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 720
        8⤵
        Program crash
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        7⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        7⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        6⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        7⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        9⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        8⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        7⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 484
        8⤵
        Program crash
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        7⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57093.exe
        6⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        8⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 748
        7⤵
        Program crash
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 784
        7⤵
        Program crash
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        6⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        6⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        6⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        6⤵
        
        PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35531.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4453.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        7⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        7⤵
        
        PID:19188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        5⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        5⤵
        
        PID:12340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11100.exe
      4⤵
      PID:60
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        5⤵
        
        PID:7064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 212
        6⤵
        Program crash
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-284.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        5⤵
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
      4⤵
      PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
      4⤵
      PID:15260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        8⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        8⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        7⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        7⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        7⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        6⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        7⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
        5⤵
        
        PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        5⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21942.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        8⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        8⤵
        
        PID:16520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        8⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        7⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        6⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        7⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        6⤵
        
        PID:15608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        6⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
      4⤵
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
        7⤵
        
        PID:19204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        6⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        5⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59780.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25390.exe
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64733.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9771.exe
      4⤵
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62838.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13773.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        7⤵
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        5⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        7⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        6⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37894.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        7⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        6⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
      4⤵
      PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        5⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        5⤵
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7261.exe
      4⤵
      PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
      4⤵
      PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
      4⤵
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        5⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        6⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        6⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
        5⤵
        
        PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
      4⤵
      PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
      4⤵
      PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25459.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1341.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
    3⤵
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
      4⤵
      PID:16772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
    3⤵
    PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
    3⤵
    PID:10312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
    3⤵
    PID:15548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
    3⤵
    PID:5676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        10⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        11⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        11⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62557.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        10⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        9⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        9⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        9⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        9⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        9⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        9⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        10⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        9⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        9⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        8⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        8⤵
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        7⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        9⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        9⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        9⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        7⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
        7⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        6⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        9⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        8⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        8⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        8⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        8⤵
        
        PID:19404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
        7⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        7⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        7⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        7⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        8⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        7⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        7⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        6⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6708.exe
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        5⤵
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        9⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43453.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        8⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41732.exe
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
        7⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
        7⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        8⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        6⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        7⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        6⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34934.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        9⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        8⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32854.exe
        8⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        8⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        7⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        6⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        6⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        7⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        5⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        6⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        5⤵
        
        PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        6⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        7⤵
        
        PID:7256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 736
        6⤵
        Program crash
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        6⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        
        PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        5⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        5⤵
        
        PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
      4⤵
      PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        7⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44862.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        7⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        7⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        7⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        6⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        7⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        5⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        7⤵
        
        PID:19416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        6⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        5⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        5⤵
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
      4⤵
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
      4⤵
      PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        5⤵
        
        PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        5⤵
        
        PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
        7⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 832
        7⤵
        Program crash
        
        PID:16360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 748
        6⤵
        Program crash
        
        PID:11968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 768
        6⤵
        Program crash
        
        PID:14872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59261.exe
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20909.exe
        5⤵
        
        PID:19288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
      4⤵
      PID:18344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
        6⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        5⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
      4⤵
      PID:17288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
    3⤵
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
      4⤵
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        6⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        5⤵
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      4⤵
      PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
    3⤵
    PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
      4⤵
      PID:4992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
    3⤵
    PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
    3⤵
    PID:14892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        8⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
        7⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10107.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10299.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        6⤵
        
        PID:13676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        6⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        6⤵
        
        PID:16464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        5⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        6⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 212
        7⤵
        Program crash
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
      4⤵
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        5⤵
        
        PID:5488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 636
        6⤵
        Program crash
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        5⤵
        
        PID:17104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27747.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1244.exe
      4⤵
      PID:14632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6341.exe
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        7⤵
        
        PID:19316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
        6⤵
        
        PID:16200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        5⤵
        
        PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        6⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        6⤵
        
        PID:17896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        5⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        5⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        5⤵
        
        PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
      4⤵
      PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
      4⤵
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        6⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        6⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        5⤵
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        5⤵
        
        PID:8344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
      4⤵
      PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      4⤵
      PID:18396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23643.exe
      4⤵
      PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
    3⤵
    PID:10304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
    3⤵
    PID:15556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
    3⤵
    PID:4592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        7⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        6⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        5⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        6⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        5⤵
        
        PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
      4⤵
      PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
        5⤵
        
        PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        5⤵
        
        PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
      4⤵
      PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
    3⤵
    PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54078.exe
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
      4⤵
      PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
      4⤵
      PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
    3⤵
    PID:12004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:18332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14508.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
      4⤵
      PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        5⤵
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
      4⤵
      PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4165.exe
        5⤵
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28629.exe
    3⤵
    PID:9272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
    3⤵
    PID:13320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
    3⤵
    PID:3836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
  2⤵
  PID:3880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62806.exe
      4⤵
      PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        5⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
      4⤵
      PID:8164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
    3⤵
    PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
    3⤵
    PID:13728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
    3⤵
    PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
  2⤵
  PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    3⤵
    PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54774.exe
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
    3⤵
    PID:13696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:9876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
  2⤵
  PID:14844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
  2⤵
  PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2468 -ip 2468
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3700 -ip 3700
1⤵
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7056 -ip 7056
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7064 -ip 7064
1⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5488 -ip 5488
1⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5436 -ip 5436
1⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5472 -ip 5472
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5252 -ip 5252
1⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5264 -ip 5264
1⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5492 -ip 5492
1⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1376 -ip 1376
1⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5492 -ip 5492
1⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5264 -ip 5264
1⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5252 -ip 5252
1⤵
PID:14428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 8128 -ip 8128
1⤵
PID:15660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7640 -ip 7640
1⤵
PID:15908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7628 -ip 7628
1⤵
PID:14736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1376 -ip 1376
1⤵
PID:17368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8236 -ip 8236
1⤵
PID:17328

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe

Filesize
468KB

MD5
b3dbf3b9069ec4ee5a0759d158769638

SHA1
e0376b7e7c59450ba6918c78d9e0b4a2922f8e2b

SHA256
e2d081805156a8f7b6907abd9239d2e0af375e3d90170895830d58a7180a9eca

SHA512
2d60f6bddea610737a12d70840b723c75e4ff76474363e1a526e44b0f24a0377481caca383ab4b39c7c4336a8b925f6aef02346adc14b2992364036724834f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe

Filesize
468KB

MD5
5bc08a715cdfb6cc36eb2e94be426cd8

SHA1
8b1e7f8083d628ad01a377caea118a5003a1b1a3

SHA256
855ba563685c3ed45097121ac6e39adbacb319df7b3e722ef15dd7420c2a2a61

SHA512
06bb2e5e264551d46b46b47bd505746223d0e553eb590d5cb9e2d615e34c33d959c372be7f0f769b1ed74a46ce9de216437f845c9f090cbd3658a5d51c5d1256

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe

Filesize
468KB

MD5
f90d460237cffc897c673a656d29dec9

SHA1
8531e1d25d531b40d63a77a3359c768169589396

SHA256
9276e2226831b9e68a5488f43b08f9e37f15531a543331f24218473c6218225f

SHA512
68722b0e981816a63aaa954067ccc054a75c2d671086260849281a4b040e1801c20de8f55a4a70bb7b7d7af905ad86ce8f9260039cb40d4909cdf2a79e30214e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe

Filesize
468KB

MD5
5f906839b576c758e3da4f2a64aeae32

SHA1
67ffd9ce443728d18cb8b821918c4a660ef530d4

SHA256
e129bf58075807cf2619cd9920df8494d693703d623386ec78941c54388c1d16

SHA512
7f2cf553dd9e01f567e616e7964e693129fcda071c5faf66dc6aea7715c02d42e53fca746549ff61124fab4f5e67668bce174eef0d59da975d66b6e7c681e15d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe

Filesize
468KB

MD5
dc72cc5c0403a52d0330d83c1810f2eb

SHA1
9826ef6cccdcb7a00d829d53d21b186df3c2b1e2

SHA256
33b944715c2f75c99ed6ddced688a7cd86a865cfd889f5806abaa6fb828205c3

SHA512
160b1b7eb4e170c3d955c7b2b3050af91cb1ebe662a4ba230b06d589060857ca2fb5769fa5bb01d7fa2fd329d60a51c26147e3d9097c651945662b2ac9b40c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe

Filesize
468KB

MD5
b53ac99be0a3da2ccc86324073b93d32

SHA1
bf2641773b9bdd0071d03f14a372e9f453178109

SHA256
a114a6d02976f6741f4a25b9a5f2c683ce58d0db53dcce16e05d203d8c7efa91

SHA512
f33997f45668aa77b7b9d0e0e3961121115ddb09d1d9ef4f594b22e485bf6d611b1861b68e588598582b886274f0b2f78095984f6745420837169a0cbdfb6486

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe

Filesize
468KB

MD5
1d93c9617d694ac88a832324e51d5714

SHA1
b6e118cc7b48025ba363d2c983aba24ce159ee74

SHA256
7f338bb1625ca18b6b4f7079017e7aa1b2512b913e546ec78b0c94f7171c1377

SHA512
adee1f0181511b6f11776cb479003be2bea3aab01f0dfc44fe7b1d474b63bffcb10ac55b9338679e430cf28178c872a9a7943eba77f7b2916d304ce2169aa33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe

Filesize
468KB

MD5
7cedbbfe158192e78bf1f11414c889b2

SHA1
c207181669279cbe2211ea8ecd831845d16f2761

SHA256
cc0915d591d9d1651757a078b2986e5a57f39e89fd7afb7cd33e9637aac14ad6

SHA512
30479bc61f82737cbc97a51ceb55eb702d23a862a5bf46b36bcd8fc924e3fd4dec93b4c33d9c78e451f6e949dc42b7d4f6bffab5134322497a95adbba84a514f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe

Filesize
468KB

MD5
0bceab619c402e571b0f220080263e46

SHA1
574c9401cc4838a4dfc0c75a34745b7428a75a20

SHA256
0c5229a0db336d79272d3ffd05ed1506cd101279486e73daa4a29f7642e673ac

SHA512
cdae3921da15bde951b3556fd5c76882dbedbf6da29f57f13171457cf9214b4304c1c95530e9160d6b569418d0215f5c3168c7586f14499303f6af99988e2c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2531.exe

Filesize
468KB

MD5
3187ef097a31605b07e4e6679c31c77d

SHA1
a040f77858a612c043b38f59a762cda1e7440953

SHA256
0164550224731151893b97a748a908575c2a3190bd910865ea91a2bc6d823904

SHA512
d7efbd67d8518f09df4d11a48b9122909941b661679e2e64ac2d57c195d262243d570d508c58d29a51d6fb869b8b2def16106a9313c7677f79c5058113ce2010

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe

Filesize
468KB

MD5
6a25162f4cacd2a6ac661f5ff08f8490

SHA1
a55f01b5cee4fdef320481cdf11cfec6f5fad2a9

SHA256
bc28b26393489d2c5819ab63922767ad2c3e2ff9cc8441aaced2d877696f1b35

SHA512
60f4f86a85e373616711769e7fdc11c3c65edcf26cf1acfeaf89d08bf8a83de342200904e0cb55470b90b2080a59c5b4fed4e3fb68cac8c2344b96409d43b4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe

Filesize
468KB

MD5
ce24d1c994590a7a47e061aefc9081ec

SHA1
6cca14c137cdb04bffecf32512b16daa02d5e3ec

SHA256
909c28f211da6ab5b22b8255a8ce73cd2b35cf2d3b1f09396cadbddabd53a472

SHA512
ae965db43664d57d9e9114d2829ee59387f21fa2c9f67d56dab058b41caaf189c8f09bf260dc2b363da38833092a33571eb7d0d14e47654fd7fc8eeaa6654d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe

Filesize
468KB

MD5
65d80367bf99febd56e80d61b34be5fd

SHA1
d634d70a5f732722c86ec61f2dd392511bca5051

SHA256
adbf328d73e4b2015a96bc2ff5f045e64b08aa7ff0e828df256e88b356453c56

SHA512
8b245d49c20b540ad37b44badf0b58318ec6e3197fcb8db5813f3a1ff1346f3a79103d8c9c431f7df4f4b5f597682f5845b945e11a93642e55200a62ad5c6e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe

Filesize
468KB

MD5
ecf116912d6594adef3a98d8bd8aa0b0

SHA1
222d3114124491d99fb0ddfa808da7ff538bf426

SHA256
b7194b0945f583f1effd15d9c318b0f92e5a300130defe6735916c98beb07d90

SHA512
1d97e563e5d0e3fcf9584f9414789d155a40dbf43773a93ffacc8169721a2395fd9029a045aca9fadd9a846a77fa7e48d18f71f002f7b2fcfab9325b14380e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe

Filesize
468KB

MD5
7611d69999a975cd1797af25f2133fe3

SHA1
98452a8f32ad6d9014e09caa2fc30bbc193e94ff

SHA256
89526a13316ec722ffa220b367224a75cf0ab74ce8b6dc80ab235553becbbbd3

SHA512
f6854d6d39c03a1ff8012ff295667d61f5bbce1800aed0ee09b6727ad3f109a0f161e8194d68147ea5f05ef973c00a5f66495d50be6249a9a13f44133948d24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe

Filesize
468KB

MD5
76dcdcd2932b69e0e6bba455b058aec8

SHA1
d4e2ce9765eabbc7d01d6e8ac480f5e061aa3725

SHA256
ee13b5254b5ea33f7630af1a4eef807877376033fa2205c67edea449d273ecef

SHA512
1d84ef7a44bde0f15a0a31f29cf8cf6b4975668ab721a06feb533d8388cc809a6c8248a34b5435deb80800ad653d3bdafd2abbc77dc728b5036d4570acfa9fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe

Filesize
468KB

MD5
d88ae3e26d8c4b0f8c605402cb008aa5

SHA1
ea1a1902f66540028a6ec4fd495484b6559f6d46

SHA256
a7049899db9f77aa247184915768d424ccd3f9e0e0289bf690b9661cdfa41bff

SHA512
0162e2c5aa9c6c8e0afba1991c0889541b2d4efc94f02639fbbf4596f7856f033236422f0cee3eedb9aaabc8f1e6583dee43b6f1f72b80262ec4aac82a8a1b7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe

Filesize
468KB

MD5
dd6137c53d32902a7ea8e4e6988df8cf

SHA1
0335a7fca06139fe4253378a7fc9ab43aff7724b

SHA256
4e3dfded4af01b81b69f8dcb5844251f0d098d3425c69ae1ab7681b3773d818f

SHA512
9541008225d814f854785c2b33217d1e220d8217c550cf5bec29a5b40241f05e41ded63b324ee52de88dffea497d271dc82c7088c7936aeb3e525026a7ad7537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe

Filesize
468KB

MD5
1a5746c4b05d21f0c4e4ccca1265c94f

SHA1
6cb6dc38efa10ba4007765ad788309e6f29dc557

SHA256
f38e7fa11ec05c0c4133ef14b387a914f08af97d6fdcde11b8e2b25475d788bc

SHA512
fb3d7fac02fa12726cc7a8094ad91378cb74439bd620ed78831aef28f093718deb3af0f4339cd360e72980070dce47f792e8f1b0e83565ff2362bb2beb28088a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe

Filesize
468KB

MD5
b2ed30f23ec94df778831a7206542d2d

SHA1
f46d75eb29b5b320c7d909345868280783c60caf

SHA256
56e8a29b0a0a92f98f9d0842a2e4fbc4285660ec25299b2c3eb1d3e8c01c8b85

SHA512
87f7abe266aa000fa1ff8fa5aae3686f7f5b454c4c843eb52e918f006aa67fc09bf9c229c752a7e0008f605d58fae1d84e835be5e601490eb33cf9c9e0ee86a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe

Filesize
468KB

MD5
6b73b50e7953e8e07d9971fb50a5c095

SHA1
95eec4882ade479faf7459eb35edbb0f0fd5da3e

SHA256
1df9b9693cc2869a3d3d917f9b7412317aac7d80e72f50dde08393cc12b0eef4

SHA512
30bc22873bc6a8cb3dd65cc7b2e7991bc517be6b76a0f893c90a35d070e12ff6a110bd78136e3159f10b3a508f2a5a7bffad1da86fd66fb0ad657f367c915982

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe

Filesize
468KB

MD5
1b2ca6d4010883b742c9043bdb0d40f6

SHA1
efec1c0ed6b450d2a306c78dc99b5cc591f77737

SHA256
506d5327c2360a5216473d280b5e018ae15b6b7961dd19ed877e075f5e6654a5

SHA512
5101275fad51b2317a87800ba6d808e5d1a8c31c521ae6d917f619132dde507575716659b10f690f493dc2febdfb4285aadd7e680a881c4c6dd2977f8726d28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe

Filesize
468KB

MD5
2b520c6c17f65312ce5f76c6c72cef84

SHA1
3ff7d31575fc9341814628c93b662b8eb0e7c645

SHA256
720e77ddf9dd21f1c78e4831cb52c1e82093fc70eeacdba0766f7262104ae0da

SHA512
d51322315c284e75415405c4d86f8c04dfc599a7ee93fde104b1dce9ce8b0ab5313611a0106bd900f2b348b9c1f0eeba722cd3ab67b06c665436c56df6b04e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe

Filesize
468KB

MD5
f06a27d82c9c40720556c58cfd9bd28d

SHA1
1f663ec3576fff849876804288066fbd239c7011

SHA256
ef612a3ce2cc58b1be713b1c73d86bcce1eff4158024db5d7d20beca0303d54f

SHA512
8c276b6d5ac9505a8f87274edd00b4f4cf97508a816eaa24b8908aaa00c8dfad85243512d68c4997dd497df700ab73bd018fb308df316d1937c217fda971553e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe

Filesize
468KB

MD5
bec2f090b86b85a8f9ba954b1a310bb9

SHA1
801ebcc56f2fbd86c28297a56e260ac30bf6750a

SHA256
1a2da5113fcdd64f4bb8d36281081494178287a153b86deed79d662cfd39d424

SHA512
60e812dd98468d7e3c33f96fbe8de4dfb2fbd18a2353c051c75546ef26ad22fce86b120963a28684bb0a667353f18cf88a3c6aec2460c089ed9a3a54deb79417

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50597.exe

Filesize
468KB

MD5
b042fa74b96dd00d831176060bb43981

SHA1
255a04a4fd5f9efb7b71a23a6a0676e0872fe4b4

SHA256
0bdd6794f0a40503bda61c0633d792ce69369db3a6bcdb848e8cbde646d04877

SHA512
491d46a39925aa33eaa600b2b7f40196d2feedee93cf35fced15f097b2ac367ac3dad0667aab9245354b94ab3ee739f0cc2745185654733d0ea846a1896e21b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe

Filesize
468KB

MD5
751b34868eff89e3d5788bc1d51fd40a

SHA1
0313953a3bc8bbefe131fd5e844619218277a305

SHA256
6cde8cd972db8efa485d0c979d941a4a368e82e86eca4ee716c4668ab22aa9b4

SHA512
167c03ad4bb7956c4edaf9314b1f36e205bd25ebcb85e4657a09b9465e350c1a1cde2aa5593a59dcd58f4622ff041d4790ce2888a30e3ba6a0bf7ea3f77b6540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe

Filesize
468KB

MD5
791d905765b1ca9b438da2bb3834ba7d

SHA1
915587b59ae9737de348d9acede373aefb8f8682

SHA256
9e5d30a62e40e4994a85081a86d5c102c5f5f6ab310fd2cf59eb10ddabb7e959

SHA512
ad55a4aaa3fc459feb7bfb4db4d23bf2bc809aac9281da2943fb3700bbd38253a2ceccbfc95501ec1975dbbf4a8d27d352c06c2a0c68b4798513f6e7528c364c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe

Filesize
468KB

MD5
245c3da1a090e84b0a4c992ec07859b3

SHA1
b14fe1a921967d2f368c893fa2fde51887bec9e6

SHA256
97d5af2beed97941ef3417c704826f753495648caeb89f1ee79d169f21f4f069

SHA512
07dff06dc26328c81324b0d6d0b7e8107deba28380980e66dba65b62862e680fde47b498531a1f93c34efe881a088ccfbafaa91da6966b5ab938c166fd477064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe

Filesize
468KB

MD5
ea67aadd0e814f938e18896287ff594a

SHA1
bc33a134d56c1ef60e92b5baefee97b9a1509985

SHA256
948fc63e86c23f72f2a7c2bd02136ea887335e09d50e33009982493b8f088879

SHA512
4897afb4152f9b36e196711da5a1ab02b57c54650f11993421467232089e4120f2a804cc2f435ff9ef1315dbe089c6ed8158f91ca0efe3c15d7b7b294f768231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe

Filesize
468KB

MD5
daa9470d538df784a9722f9f83ede5e1

SHA1
fc425620c026540aec31b73f535a4431d4826d4f

SHA256
e7008ebd662c1fe317625e99ee2b3e4555fce69bd959227d94695857fc2212cd

SHA512
807eeae4fa6d194cd4b5ae1ffbf59213e121df7163c965a21bbeec8f216d48502aed1a9a2ede2739ecdb1560ecb7a502e5941ba886c2f1e702d68c2ba44cee4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe

Filesize
468KB

MD5
0a2f310bc94c992b784a693b0442a7c8

SHA1
d286202069ef689d2519ea35df841265a09598cf

SHA256
2641a8afb00dc4dd8e63baa8e487a1583ad10ffe1059c706456fa5612ee0876e

SHA512
9974bdf54071d9379b6c8019777be41d17d0dccf6c78ef32e87255860f4c744a35892f353e1b5951ac61fc263cbc24c4926a0f46148d7aa520b4e4e833df30f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe

Filesize
468KB

MD5
b7ad10b39c77475e2686ade90d860e5c

SHA1
fc2bc97980d94a8096143277c1cf3e6fbe3ab45c

SHA256
0ca454a020a598d047e9ebbf961dd7a9709cd3fad95b01b23f17ee2e1d72bc9d

SHA512
808e5d5d9674f1b7da52db60ac2ea002ca57901dd2fb0fb9cd78214d1a71aaf6e6f2b7e053caa4a0dd768db6f16fd305bac64847df0ea44b26df635f87023496

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads