800b9a9e37bf656e51c664134aad7de2b454de7f143567b51544548f55e1b976

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
Size

192KB
MD5

d9ce1987673fe0f287db6568b18c4f79
SHA1

5230163befae8cdbf30c3591076be778c3167ab5
SHA256

13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135
SHA512

6aa08fca086b7584c626d2e8eaccae703acfa1523a7b7568237a4b6702a6f651445c4b34082835f7c86b42e26b77c9471b3d00cef847b48f593bcc8fcd41cdf2
SSDEEP

3072:HpDnoiLb0ZNN2H0boKxwXJEbFnwMgxINxnxHvk8Oxlv1p1R:HpLozjN2YoqwXJ9GZ8xlv1p1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2020	Unicorn-11810.exe
2756	Unicorn-181.exe
2792	Unicorn-11042.exe
2984	Unicorn-22823.exe
2652	Unicorn-45936.exe
2572	Unicorn-4348.exe
2896	Unicorn-32143.exe
1704	Unicorn-28805.exe
2420	Unicorn-52755.exe
3056	Unicorn-10331.exe
2400	Unicorn-30197.exe
1316	Unicorn-32226.exe
2988	Unicorn-16636.exe
996	Unicorn-52838.exe
2140	Unicorn-34172.exe
2172	Unicorn-11613.exe
1980	Unicorn-61369.exe
2156	Unicorn-30642.exe
1352	Unicorn-23866.exe
1532	Unicorn-15095.exe
2416	Unicorn-20803.exe
1760	Unicorn-40669.exe
1516	Unicorn-4597.exe
2260	Unicorn-19542.exe
2480	Unicorn-30171.exe
1728	Unicorn-61452.exe
108	Unicorn-36393.exe
2000	Unicorn-40477.exe
892	Unicorn-28779.exe
1912	Unicorn-53305.exe
1564	Unicorn-53305.exe
1544	Unicorn-14965.exe
2056	Unicorn-49989.exe
2832	Unicorn-3289.exe
2708	Unicorn-35407.exe
2660	Unicorn-56019.exe
2592	Unicorn-40237.exe
2500	Unicorn-64187.exe
948	Unicorn-41629.exe
2020	Unicorn-41629.exe
880	Unicorn-22303.exe
1224	Unicorn-65282.exe
2992	Unicorn-44307.exe
2876	Unicorn-25833.exe
2928	Unicorn-29917.exe
2916	Unicorn-25833.exe
2912	Unicorn-56922.exe
2812	Unicorn-38447.exe
2980	Unicorn-944.exe
2924	Unicorn-5775.exe
1936	Unicorn-48754.exe
2316	Unicorn-2781.exe
696	Unicorn-46507.exe
848	Unicorn-15609.exe
1336	Unicorn-42998.exe
1788	Unicorn-56642.exe
2060	Unicorn-3720.exe
1988	Unicorn-38722.exe
1252	Unicorn-5303.exe
1744	Unicorn-63227.exe
1240	Unicorn-21640.exe
1676	Unicorn-46720.exe
2688	Unicorn-1795.exe
2672	Unicorn-22216.exe

Loads dropped DLL 64 IoCs

pid	Process
2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
2020	Unicorn-11810.exe
2020	Unicorn-11810.exe
2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
2756	Unicorn-181.exe
2756	Unicorn-181.exe
2020	Unicorn-11810.exe
2020	Unicorn-11810.exe
2792	Unicorn-11042.exe
2792	Unicorn-11042.exe
2984	Unicorn-22823.exe
2984	Unicorn-22823.exe
2756	Unicorn-181.exe
2756	Unicorn-181.exe
2572	Unicorn-4348.exe
2572	Unicorn-4348.exe
2792	Unicorn-11042.exe
2792	Unicorn-11042.exe
2652	Unicorn-45936.exe
2652	Unicorn-45936.exe
2896	Unicorn-32143.exe
2896	Unicorn-32143.exe
2984	Unicorn-22823.exe
2984	Unicorn-22823.exe
1704	Unicorn-28805.exe
1704	Unicorn-28805.exe
3056	Unicorn-10331.exe
3056	Unicorn-10331.exe
2400	Unicorn-30197.exe
2400	Unicorn-30197.exe
2652	Unicorn-45936.exe
2652	Unicorn-45936.exe
2572	Unicorn-4348.exe
2572	Unicorn-4348.exe
2420	Unicorn-52755.exe
2420	Unicorn-52755.exe
1316	Unicorn-32226.exe
1316	Unicorn-32226.exe
2896	Unicorn-32143.exe
2988	Unicorn-16636.exe
2896	Unicorn-32143.exe
2988	Unicorn-16636.exe
996	Unicorn-52838.exe
996	Unicorn-52838.exe
1704	Unicorn-28805.exe
1704	Unicorn-28805.exe
2140	Unicorn-34172.exe
2140	Unicorn-34172.exe
3056	Unicorn-10331.exe
3056	Unicorn-10331.exe
2172	Unicorn-11613.exe
2172	Unicorn-11613.exe
2156	Unicorn-30642.exe
2156	Unicorn-30642.exe
2400	Unicorn-30197.exe
2400	Unicorn-30197.exe
1980	Unicorn-61369.exe
1352	Unicorn-23866.exe
1980	Unicorn-61369.exe
1352	Unicorn-23866.exe
2420	Unicorn-52755.exe
2420	Unicorn-52755.exe

Program crash 21 IoCs

pid	pid_target	Process	procid_target
2612	2800	WerFault.exe	166
2832	992	WerFault.exe	188
2640	2056	WerFault.exe	233
1612	2700	WerFault.exe	268
1056	1856	WerFault.exe	324
2816	2440	WerFault.exe	309
1796	844	WerFault.exe	308
1660	868	WerFault.exe	378
900	1916	WerFault.exe	356
1032	1020	WerFault.exe	399
2008	2796	WerFault.exe	366
2172	2416	WerFault.exe	401
700	1352	WerFault.exe	425
2184	996	WerFault.exe	445
1320	1036	WerFault.exe	444
3036	112	WerFault.exe	505
2844	2956	WerFault.exe	506
2392	2840	WerFault.exe	507
1384	1484	WerFault.exe	490
2340	1472	WerFault.exe	478
2180	2608	WerFault.exe	500

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22660.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
2020	Unicorn-11810.exe
2756	Unicorn-181.exe
2792	Unicorn-11042.exe
2984	Unicorn-22823.exe
2652	Unicorn-45936.exe
2572	Unicorn-4348.exe
2896	Unicorn-32143.exe
1704	Unicorn-28805.exe
2420	Unicorn-52755.exe
3056	Unicorn-10331.exe
2400	Unicorn-30197.exe
1316	Unicorn-32226.exe
2988	Unicorn-16636.exe
996	Unicorn-52838.exe
2140	Unicorn-34172.exe
2172	Unicorn-11613.exe
2156	Unicorn-30642.exe
1980	Unicorn-61369.exe
1352	Unicorn-23866.exe
1532	Unicorn-15095.exe
2416	Unicorn-20803.exe
1760	Unicorn-40669.exe
1516	Unicorn-4597.exe
2260	Unicorn-19542.exe
2480	Unicorn-30171.exe
1728	Unicorn-61452.exe
108	Unicorn-36393.exe
2000	Unicorn-40477.exe
892	Unicorn-28779.exe
1564	Unicorn-53305.exe
1544	Unicorn-14965.exe
2056	Unicorn-49989.exe
2832	Unicorn-3289.exe
2708	Unicorn-35407.exe
2660	Unicorn-56019.exe
948	Unicorn-41629.exe
2020	Unicorn-41629.exe
2500	Unicorn-64187.exe
2592	Unicorn-40237.exe
880	Unicorn-22303.exe
1224	Unicorn-65282.exe
2992	Unicorn-44307.exe
2876	Unicorn-25833.exe
2928	Unicorn-29917.exe
2916	Unicorn-25833.exe
2912	Unicorn-56922.exe
2812	Unicorn-38447.exe
2980	Unicorn-944.exe
2924	Unicorn-5775.exe
484	Unicorn-25641.exe
1936	Unicorn-48754.exe
2316	Unicorn-2781.exe
696	Unicorn-46507.exe
848	Unicorn-15609.exe
1336	Unicorn-42998.exe
1788	Unicorn-56642.exe
2060	Unicorn-3720.exe
1988	Unicorn-38722.exe
1252	Unicorn-5303.exe
1744	Unicorn-63227.exe
1240	Unicorn-21640.exe
1676	Unicorn-46720.exe
2688	Unicorn-1795.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2020	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	30
PID 2624 wrote to memory of 2020	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	30
PID 2624 wrote to memory of 2020	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	30
PID 2624 wrote to memory of 2020	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	30
PID 2020 wrote to memory of 2756	2020	Unicorn-11810.exe	31
PID 2020 wrote to memory of 2756	2020	Unicorn-11810.exe	31
PID 2020 wrote to memory of 2756	2020	Unicorn-11810.exe	31
PID 2020 wrote to memory of 2756	2020	Unicorn-11810.exe	31
PID 2624 wrote to memory of 2792	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	32
PID 2624 wrote to memory of 2792	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	32
PID 2624 wrote to memory of 2792	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	32
PID 2624 wrote to memory of 2792	2624	13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe	32
PID 2756 wrote to memory of 2984	2756	Unicorn-181.exe	33
PID 2756 wrote to memory of 2984	2756	Unicorn-181.exe	33
PID 2756 wrote to memory of 2984	2756	Unicorn-181.exe	33
PID 2756 wrote to memory of 2984	2756	Unicorn-181.exe	33
PID 2020 wrote to memory of 2652	2020	Unicorn-11810.exe	34
PID 2020 wrote to memory of 2652	2020	Unicorn-11810.exe	34
PID 2020 wrote to memory of 2652	2020	Unicorn-11810.exe	34
PID 2020 wrote to memory of 2652	2020	Unicorn-11810.exe	34
PID 2792 wrote to memory of 2572	2792	Unicorn-11042.exe	35
PID 2792 wrote to memory of 2572	2792	Unicorn-11042.exe	35
PID 2792 wrote to memory of 2572	2792	Unicorn-11042.exe	35
PID 2792 wrote to memory of 2572	2792	Unicorn-11042.exe	35
PID 2984 wrote to memory of 2896	2984	Unicorn-22823.exe	36
PID 2984 wrote to memory of 2896	2984	Unicorn-22823.exe	36
PID 2984 wrote to memory of 2896	2984	Unicorn-22823.exe	36
PID 2984 wrote to memory of 2896	2984	Unicorn-22823.exe	36
PID 2756 wrote to memory of 1704	2756	Unicorn-181.exe	37
PID 2756 wrote to memory of 1704	2756	Unicorn-181.exe	37
PID 2756 wrote to memory of 1704	2756	Unicorn-181.exe	37
PID 2756 wrote to memory of 1704	2756	Unicorn-181.exe	37
PID 2572 wrote to memory of 2420	2572	Unicorn-4348.exe	38
PID 2572 wrote to memory of 2420	2572	Unicorn-4348.exe	38
PID 2572 wrote to memory of 2420	2572	Unicorn-4348.exe	38
PID 2572 wrote to memory of 2420	2572	Unicorn-4348.exe	38
PID 2792 wrote to memory of 3056	2792	Unicorn-11042.exe	39
PID 2792 wrote to memory of 3056	2792	Unicorn-11042.exe	39
PID 2792 wrote to memory of 3056	2792	Unicorn-11042.exe	39
PID 2792 wrote to memory of 3056	2792	Unicorn-11042.exe	39
PID 2652 wrote to memory of 2400	2652	Unicorn-45936.exe	40
PID 2652 wrote to memory of 2400	2652	Unicorn-45936.exe	40
PID 2652 wrote to memory of 2400	2652	Unicorn-45936.exe	40
PID 2652 wrote to memory of 2400	2652	Unicorn-45936.exe	40
PID 2896 wrote to memory of 1316	2896	Unicorn-32143.exe	41
PID 2896 wrote to memory of 1316	2896	Unicorn-32143.exe	41
PID 2896 wrote to memory of 1316	2896	Unicorn-32143.exe	41
PID 2896 wrote to memory of 1316	2896	Unicorn-32143.exe	41
PID 2984 wrote to memory of 2988	2984	Unicorn-22823.exe	42
PID 2984 wrote to memory of 2988	2984	Unicorn-22823.exe	42
PID 2984 wrote to memory of 2988	2984	Unicorn-22823.exe	42
PID 2984 wrote to memory of 2988	2984	Unicorn-22823.exe	42
PID 1704 wrote to memory of 996	1704	Unicorn-28805.exe	43
PID 1704 wrote to memory of 996	1704	Unicorn-28805.exe	43
PID 1704 wrote to memory of 996	1704	Unicorn-28805.exe	43
PID 1704 wrote to memory of 996	1704	Unicorn-28805.exe	43
PID 3056 wrote to memory of 2140	3056	Unicorn-10331.exe	44
PID 3056 wrote to memory of 2140	3056	Unicorn-10331.exe	44
PID 3056 wrote to memory of 2140	3056	Unicorn-10331.exe	44
PID 3056 wrote to memory of 2140	3056	Unicorn-10331.exe	44
PID 2400 wrote to memory of 2172	2400	Unicorn-30197.exe	45
PID 2400 wrote to memory of 2172	2400	Unicorn-30197.exe	45
PID 2400 wrote to memory of 2172	2400	Unicorn-30197.exe	45
PID 2400 wrote to memory of 2172	2400	Unicorn-30197.exe	45

C:\Users\Admin\AppData\Local\Temp\13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe
"C:\Users\Admin\AppData\Local\Temp\13247d9a0768743fdb7d6f3fa09bb35434d8c5087ceb37cc8aa3971cfd534135.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15095.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        12⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        14⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        15⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        16⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        17⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
        19⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        20⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        21⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        9⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        12⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        15⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        16⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        17⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        18⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        19⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        20⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14301.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        15⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        16⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        17⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        18⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        12⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        14⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        15⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        16⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        17⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53881.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        13⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        15⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        16⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        17⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        18⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        14⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        16⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        17⤵
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
        15⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        16⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        17⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62115.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37331.exe
        19⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        11⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37154.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        14⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        16⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        17⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
        18⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        16⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
        17⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        18⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5597.exe
        19⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        14⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        15⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        16⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        17⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
        18⤵
        Program crash
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        11⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16246.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        14⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        15⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        17⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        18⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        19⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        20⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        19⤵
        Program crash
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        18⤵
        Program crash
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        17⤵
        Program crash
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        16⤵
        Program crash
        
        PID:1660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        15⤵
        Program crash
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        14⤵
        Program crash
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        13⤵
        Program crash
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
        12⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        11⤵
        Program crash
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        13⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        14⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        16⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        17⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        12⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        14⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        16⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        17⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        18⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        14⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        16⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        17⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        14⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        15⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        16⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        17⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38722.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16653.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        10⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15774.exe
        14⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        15⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
        17⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        18⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        9⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4652.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        16⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        17⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        11⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        15⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        16⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        18⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        17⤵
        Program crash
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        16⤵
        Program crash
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        15⤵
        Program crash
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        14⤵
        Program crash
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23813.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        9⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        12⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        14⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        15⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        16⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        17⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32198.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        14⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        15⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        16⤵
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        17⤵
        Program crash
        
        PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51650.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        18⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        11⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        15⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        16⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        17⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        18⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        19⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        12⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16101.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        15⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        14⤵
        Program crash
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        13⤵
        Program crash
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19070.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        10⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        13⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        16⤵
        
        PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        5⤵
        Executes dropped EXE
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        7⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        8⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        13⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1046.exe
        14⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        15⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        16⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        17⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        18⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57065.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        12⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        14⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        15⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        16⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22660.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        15⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        16⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        17⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        15⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        8⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31290.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        13⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44840.exe
        16⤵
        
        PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        9⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        12⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        15⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
        16⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
        17⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        13⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        15⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        17⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        18⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        19⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
        11⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        12⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        15⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        16⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37227.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        18⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        15⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        16⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        11⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        12⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        13⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        14⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        16⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        17⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        18⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        19⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
        9⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        10⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        12⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        15⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        17⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        12⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        13⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53428.exe
        14⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        16⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        17⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        7⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        13⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        15⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        16⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        17⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4104.exe
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51842.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        10⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        11⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        12⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
        14⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        15⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        11⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        12⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        13⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 220
        14⤵
        Program crash
        
        PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13938.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
        12⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        15⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        16⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        17⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        13⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        14⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        15⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        17⤵
        Program crash
        
        PID:2180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        16⤵
        Program crash
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36775.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        13⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        15⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        16⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59167.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        12⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        13⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        15⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12058.exe
        16⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51051.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16765.exe
        12⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17772.exe
        13⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        15⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
        16⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        17⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        18⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
        12⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        15⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        16⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        17⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14514.exe
        7⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45109.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
        15⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        16⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        17⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        18⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        14⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        15⤵
        
        PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe

Filesize
192KB

MD5
70ac97bb7918acf3745e25a4b3601662

SHA1
4c3f1fb8039a8bab1258548acb6cbd49cb2945ba

SHA256
2b137a90181289a606edf7ded24c79f3e2b96331398dc703008bd3cd6502b69d

SHA512
cd0bab1c15a9431225a5e8b1bd77c8dd15b4f809ce31f812b209eb7f2c618c37faccd7b7820a457f044f0f5fe6aa4189ddbd5732dd136f033cd111b9d93fba8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe

Filesize
192KB

MD5
5fe254c3a06f7bbaad0efa22c7e11581

SHA1
bdb9ad7ba2cfa51034a2ec5f8bb66496c56dcc76

SHA256
5c0ab50f9ce137342d4188cd746cb40e56aaac480f147a5a64528d1a33b82409

SHA512
f6cdd41028e96f85dd7fe85f84eeab18a7e214252625027068f56dc540c137508a78e89e6bc8645de0cf1957a42239f43ff694bd0d3e05ecb09acfec3f81fa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe

Filesize
192KB

MD5
7dd35351e4f1965f99c7352f7e6cf0d9

SHA1
3b539b85ddb004be67173f28169292d8d59cfc10

SHA256
f1aa2bf07f7d255ec7b07e5cc96ac7491c92686bb7951d504cd8c4dd2ca96e34

SHA512
57e97cceb89daf3c28472fef1b603277b3496558451d4727f03e57bea279821b6901bd2d519d5f7039c068343ae5c18fcc3c2c7dd6b271c15ff668c309747e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe

Filesize
192KB

MD5
d687d5e1499f7562fc7d745bea73bec5

SHA1
46f873fba965e429d813af08c19b0a4c09101529

SHA256
ba2f5d53f2e58ccc80ddebfc012daf8cd733b8e1e600b89538e802d909df0627

SHA512
a5f1730e7338f51bdb39124f093f2edfecf225a65c3f053790d550b1cd248b0d7249d04031777b79cf20bcfa9685ce3b1f2ae3180be5e2ffc980c8aa2e6dc00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe

Filesize
192KB

MD5
7ae5992ef583130395cff5d4c4da04b2

SHA1
07c6b96fadccc06526e44ddaf16d10f4e3983b78

SHA256
264ad8d95392d7ca3600b028f309474207b71cb75a73ea9b4d557ba887f14a33

SHA512
bb57b4a766d76558d0bf27f1bb991eed77ac709dee54abda5cfac90675ca23cee04529bb6653e864ec3772fb7c4c3d57ecda9655f128dbbef5c83cebc9addd4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe

Filesize
192KB

MD5
694cc4518e743517b49de9b653919df1

SHA1
e977fcd7509483ff89f185a1c610c4862a17a1ed

SHA256
794e3bc28ea3990fcccc6981c9300fc7f49045ecccb23643f23c149519a5e104

SHA512
b0a7ea7ed129f42e504a9f51eb71d16ad3e23ad76a192bfca84ff51d4e6ea4a9db0d7c1d2ef949422d6d0f16d2908df0eb1c775d9fe3d6fbda14c6ebb66e779d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe

Filesize
192KB

MD5
867894dbd3c780336a7ae2c57e877f8d

SHA1
3d67bf85ac937565a6cd95a3e4a02f3d49b55b8a

SHA256
0655f8df973b05d671763fdccb5cca76015af4fc416a3476357f6d31d777f7ad

SHA512
86919c691fa57d747121ee34523b73a8a3007727acc5558b835fb6e31cefa48debc24eb048e7e594c3a519133a7021d47358cabbfdbfbfc7f59db6210f56a6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe

Filesize
192KB

MD5
e003d0d2d12f27e6740f99829b3665c0

SHA1
6dfa67348fd8e275e384bd9d5aefbd5e43b581f1

SHA256
f1e86969929df73b6dfaa983f6d9913fac5622fa94f5733d3abba45b84ccfd6c

SHA512
e664e75fd887c58eea9282e2e14ec0dd381bbd464b333ab2123ae4f0d761510a28b2eed5cd59c76207d670c379be2c6b46fc2716fd2fa2868d8bad166a04903f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe

Filesize
192KB

MD5
6646a1bf484e84e7f19e13f4f5358296

SHA1
54cd8ebadcdd7e13e4dce055f35f57b283c90b45

SHA256
593a88d4941243e89124506e97305d40548f637e7796c30dc5ae8cee44be7efa

SHA512
b87764f49e4bd6a5f047c950383a4998e8ba786b17f8e258a77feb59fb1c7e5cff885f54b4a275db78ab3cb7631293239a4ffab51156879a89b56b8645511b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe

Filesize
192KB

MD5
f9eba79a9710761ae289ecf89345b129

SHA1
199ec66fa57eee514374709ef945c2806095f7d6

SHA256
7e2885e859e414bbb76f1068e239650f71f36ac5501b3f1a4995eefa7a231028

SHA512
bea9349bbec5c033ddeb28ea5edd8e23fe21685f0cab1793e6c3e6908e66bb662e0010d4c9272a1035465061b3e361ac08821311c08aac6639a5352237984397

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe

Filesize
192KB

MD5
3916b23105042e218f3908f388eeeb47

SHA1
c9283868fc9c041c78d142378c334d1fc87c0eaa

SHA256
56c245aae2ef9c8b82c6222ac128a53e52269d54df1225bcf8c298ac69c16166

SHA512
177f5ac9e8adecc5dc8abe40e9fa674bcbd669a4da78f0899b75b28f12dec971c822f4a9ff25764bc4494c51f58b40e8ddf61ec1a69d2af5d3b2369fe8f5b540

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe

Filesize
192KB

MD5
5d4bce1967078a7149ba841405252a91

SHA1
eb1a34ca7b28e96f45335597075452c18834839c

SHA256
f2f7c76cfc5041eccff711d59bf12682dca1976ca5ebaec315707489d172a049

SHA512
34b90151a5a5e4bf65ad3b500bd604767e8a58caa68d45f79fbfac8bbfff676f37aa03f079e2df20c90d978aff91f16086433a8016d52b9301802073ec95e1c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe

Filesize
192KB

MD5
c714d95f7ff49d96c10b6d3d4e3c7c28

SHA1
629d17e3d17971dd28b76d2be26e7323b5985fdb

SHA256
3b4d37b2effb648465bc3ab0e26d506a69a6b7d13114f9bb412f2ec8be5488e7

SHA512
2bd898a1f9e0ae9ee3e07b52f3bf10f46614669131fa9779b1a1f2330a2f6cf5e0c62df086ccdd2749f30443d026a874e0a1bd5674c59992d078e4921a2a3029

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11613.exe

Filesize
192KB

MD5
be58bbcb2c78742a0edf867e537210b3

SHA1
6b370b66c3c451026d12c7fbd0aa7f6c9adb29e6

SHA256
db073e631b78a313722de961fddc82c843c322aa29d0414f1e4191c8a300f2ce

SHA512
d04ebf69793ae846c2b392614e6bac774e737273bc94a0b3d451c7a53bad174bb8c3c623fd333dcb747cecfee8f34ec26bc050a4bdee481363e9d79442c9dd93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe

Filesize
192KB

MD5
3731241ea6626dbb0bc8c7b1cd3fb2a8

SHA1
981d096876b64a9b8b3e5e05c12836549e5f7517

SHA256
3b36bf77477b602f69f3b92a4d7fd442c06cf9abbdb9aade38311f4622658b67

SHA512
49ce57ff6eb341bfeba994a35fe7a3e11b047c13a401d907c67c12d2415d8655e047442a1e7be197a0ecbb9ee491ed2d0b72e6587a5d2524ceca75c1b9d488d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe

Filesize
192KB

MD5
b0a4e5658a9bbbb2e5dd688424ed836c

SHA1
179f116512b11ac554119ac0e161920d2cfb547a

SHA256
ebf96f2a09b4d8a851dc118885134531b29ca2fe99362f6aaf81cc8de7fb23a4

SHA512
a45c42ebd8de76aa2ab103e4b58b68284a18410dcd179768aaade1dd8313443bd2ad735b6c69550ad6728572b5df32c8e59fc7dd30bf4dbd2c5aa47ed13c3ae0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-181.exe

Filesize
192KB

MD5
0bc3f191c694655f730179b693fdf7a5

SHA1
62eba2c463906bcb85e8e367ee9c7af302a61d4d

SHA256
9ec55c545932b3e10d3c241249cf6618e5b95a8443d98c2519966bde0009b4c6

SHA512
bc12e94e694567ea0ef41013ee6b2cd234630fd0168f273f810824b0b12a4fb340d41ad9437bc3d44219d37fa8e808752ef8c058add2405f40cd8f81342278dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe

Filesize
192KB

MD5
83c11e8c39248b294f9509351236f18b

SHA1
3ee5c050abae4112c2d78051aaedd0d6c9af2f48

SHA256
0569e11fa2f04a0ec3d69bf2a6a8d565a43c7120fc0227ac1e63035d009daee3

SHA512
ccee4da7542eeeb474b62ed08d7ac5feebc8065be1de0c9854ce074d6f4cfefc693d3c3d7da1eaf80193b2a659db8b85d911103de5b6737858f5fe4fb42b42ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe

Filesize
192KB

MD5
8e90aa3a7517c334e5426c10672061ec

SHA1
0e3a06925e602ba879f052427619d840cbb2e0fe

SHA256
852ea9706310162a7e55cf697e447077d4951b919876437a8fe39da1caf7e5a4

SHA512
d374a94f1042c3726f69150eff8ca5d0107ea17a9461af7d768ba80aee4fd9124a324bae75cfb6fee5395dfb89039ed4a99b7545b764e4754e7d3c53002ee432

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe

Filesize
192KB

MD5
5cdb01973173d85bdf405e73b5416f08

SHA1
9c6d0803c1a94ac42f8652c56fe6ccbc660bf740

SHA256
5fa82af95168e46da6f38b99f97c07e8a498ed0a4e893b98b6a6da0413fec91d

SHA512
1675418e9378af2768e13aad343f6cc58041e9fdd3347fd7dcf084122aab5166258dcc92ce9f8900d2e0899f9612ca0643250f7684ff59e33c1bc7f032ff2d05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe

Filesize
192KB

MD5
23af0de8aeb3e249e89158675e6b1c86

SHA1
6dd1bc310ac7ab5c1ec9125af0194398ec5116bd

SHA256
921ef7bd5049cb12bff920a326ba12f1a14fab47d13ce75493204dde9c1f6336

SHA512
cc4a57933313e71b0553dc9fee7a7884c100c85d709e338e2eaa019ea3b6fe687c209eea8311510e114822777ad249fbeaaabe247767555b4186b6e9bbeb18e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe

Filesize
192KB

MD5
ee3c83c178c3c9f7f70b77cbc22931c4

SHA1
6e7166d8da4313bae29da3f7142cbb275d769fc8

SHA256
c9dbbab4474eac349c6fa0a57951a9ae133bdd5fa346b2fdd78c091b870a532c

SHA512
08810259abe7639f5b44ae92b24e49b2f3c7a8a5e33a956992f409a8d789e39e81f531b5cb34987f5ab23f017aa93723ab3177e4cc6038a012c8ed3a1e0fab22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe

Filesize
192KB

MD5
ebe3035986186372d7430142555569ca

SHA1
a1f6ce1259de76913fdfeb761707d9fef3a168e5

SHA256
7a41663fdc9601c38d01770782f277e152e577a1a12bc588181c6b96d0c7e82a

SHA512
c1d11fc289924c3320d9250a5b1a41a1338b279bb37aa4b9ae132bed67251e8fa9fd6b33dbb18e7e056ba71ba601f345fae63bdd9eb204804061627492fb367a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe

Filesize
192KB

MD5
50c8c0e48edbea595ac8d38edb4e3cc8

SHA1
8609ca900b463d5bf17587a807277088af9ab625

SHA256
7fd0aecfee1de24a7a875d0f19ed3260525879f5a8a8043d74ffecbf6d999463

SHA512
a70c40dbce75f58f5437e9ebcbbd7e1b71bc545bd04e883de6d0012069736a3dbe1329ca638d43a9db4f35a608b2ade4ad8400a6936afc678f1ce04a3c335c27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe

Filesize
192KB

MD5
5502406a6d1c03b21e2ddf1413dc41bc

SHA1
0bc245b889e51bd6211c177e0c237ecbaa99d39d

SHA256
eb256c0a919de099445418e52a535dda4ef29f8767fee2269d687c0fb0899a8d

SHA512
820222a0b6d1695ebc1777d8f2819f4b3a51bbf70048e6d2b4694dd8bceba0d90ec94e2400c4ee3ae30f1403682ae904769acaeb2198430dffce7e9331535a55

Download Submit
memory/1912-757-0x00000000777E0000-0x00000000778DA000-memory.dmp

Filesize
1000KB

Download
memory/1912-758-0x00000000024E0000-0x00000000025F0000-memory.dmp

Filesize
1.1MB

Download
memory/1912-759-0x0000000002380000-0x00000000023AE000-memory.dmp

Filesize
184KB

Download
memory/1912-756-0x00000000776C0000-0x00000000777DF000-memory.dmp

Filesize
1.1MB

Download