53c09cbcc118481aafa88932fbbc8936bba52c5cea09becb6fbe6d7a12437146

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
Size

192KB
MD5

e4261e8e5b2bdb55734426746dd642e5
SHA1

76b7c842ee09faae6e6292be2f4f4fa17dbb488e
SHA256

dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd
SHA512

a0fd075ab679d5a303bd07e38bfc74e77ed02e71acc71a371076c216102d29de705cdbb3eb65f955ca404e9f3d05a2909668b984855f1730297430815cf4fe3f
SSDEEP

3072:mvL+ol6O/KuivOjgWEdLB7865zkJ2pt3c6PxRqj+Cllv1pFk:mvSopNiv3WkLB7nlZOllv1pF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2512	Unicorn-22074.exe
2340	Unicorn-9432.exe
1928	Unicorn-24294.exe
2860	Unicorn-56023.exe
2996	Unicorn-3101.exe
2732	Unicorn-14798.exe
1292	Unicorn-14409.exe
1696	Unicorn-44129.exe
2592	Unicorn-63994.exe
1840	Unicorn-23154.exe
1520	Unicorn-60657.exe
1664	Unicorn-9095.exe
1504	Unicorn-15255.exe
2928	Unicorn-60927.exe
3052	Unicorn-48120.exe
2232	Unicorn-31400.exe
2196	Unicorn-28254.exe
2308	Unicorn-12110.exe
1280	Unicorn-31976.exe
1684	Unicorn-63911.exe
604	Unicorn-19541.exe
1528	Unicorn-63719.exe
1076	Unicorn-19925.exe
768	Unicorn-13942.exe
2416	Unicorn-54975.exe
996	Unicorn-54975.exe
1144	Unicorn-46807.exe
692	Unicorn-43085.exe
1892	Unicorn-18581.exe
1568	Unicorn-22111.exe
2456	Unicorn-35493.exe
1156	Unicorn-47191.exe
2428	Unicorn-50468.exe
2828	Unicorn-37853.exe
2844	Unicorn-45829.exe
2264	Unicorn-62741.exe
2604	Unicorn-18371.exe
2452	Unicorn-13348.exe
1732	Unicorn-37085.exe
2624	Unicorn-26264.exe
2768	Unicorn-54874.exe
2816	Unicorn-51153.exe
2752	Unicorn-62850.exe
2840	Unicorn-64962.exe
2340	Unicorn-64962.exe
1668	Unicorn-64962.exe
2276	Unicorn-44905.exe
1740	Unicorn-53649.exe
2916	Unicorn-40842.exe
2968	Unicorn-65154.exe
908	Unicorn-52497.exe
2960	Unicorn-6825.exe
2964	Unicorn-60473.exe
2868	Unicorn-44672.exe
2572	Unicorn-61200.exe
2860	Unicorn-52648.exe
2280	Unicorn-17022.exe
1660	Unicorn-61584.exe
3040	Unicorn-14303.exe
1832	Unicorn-59975.exe
288	Unicorn-15735.exe
2516	Unicorn-35601.exe
2016	Unicorn-43193.exe
2580	Unicorn-10328.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
2512	Unicorn-22074.exe
2512	Unicorn-22074.exe
2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
2340	Unicorn-9432.exe
2340	Unicorn-9432.exe
2512	Unicorn-22074.exe
2512	Unicorn-22074.exe
1928	Unicorn-24294.exe
1928	Unicorn-24294.exe
2860	Unicorn-56023.exe
2860	Unicorn-56023.exe
2996	Unicorn-3101.exe
2996	Unicorn-3101.exe
2340	Unicorn-9432.exe
2340	Unicorn-9432.exe
1928	Unicorn-24294.exe
1928	Unicorn-24294.exe
2732	Unicorn-14798.exe
2732	Unicorn-14798.exe
1292	Unicorn-14409.exe
1292	Unicorn-14409.exe
2592	Unicorn-63994.exe
2860	Unicorn-56023.exe
2592	Unicorn-63994.exe
2860	Unicorn-56023.exe
1696	Unicorn-44129.exe
1696	Unicorn-44129.exe
2996	Unicorn-3101.exe
2996	Unicorn-3101.exe
1840	Unicorn-23154.exe
1840	Unicorn-23154.exe
2732	Unicorn-14798.exe
1520	Unicorn-60657.exe
2732	Unicorn-14798.exe
1520	Unicorn-60657.exe
1664	Unicorn-9095.exe
1664	Unicorn-9095.exe
1292	Unicorn-14409.exe
1292	Unicorn-14409.exe
1504	Unicorn-15255.exe
1504	Unicorn-15255.exe
2592	Unicorn-63994.exe
2592	Unicorn-63994.exe
2196	Unicorn-28254.exe
2196	Unicorn-28254.exe
3052	Unicorn-48120.exe
3052	Unicorn-48120.exe
1280	Unicorn-31976.exe
1280	Unicorn-31976.exe
2308	Unicorn-12110.exe
2308	Unicorn-12110.exe
1520	Unicorn-60657.exe
1520	Unicorn-60657.exe
1696	Unicorn-44129.exe
1696	Unicorn-44129.exe
2232	Unicorn-31400.exe
2232	Unicorn-31400.exe
1840	Unicorn-23154.exe
1840	Unicorn-23154.exe
2928	Unicorn-60927.exe
2928	Unicorn-60927.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
1612	2752	WerFault.exe	73
2972	1808	WerFault.exe	109
2916	2704	WerFault.exe	160
2828	3064	WerFault.exe	196
2416	1536	WerFault.exe	248
2640	1088	WerFault.exe	336
1784	2676	WerFault.exe	296
1888	1496	WerFault.exe	337
1700	2780	WerFault.exe	344
2932	1500	WerFault.exe	391
1608	2264	WerFault.exe	411
1736	2644	WerFault.exe	432
380	2812	WerFault.exe	467
1984	3036	WerFault.exe	498
920	548	WerFault.exe	511
1056	1920	WerFault.exe	517

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48572.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
2512	Unicorn-22074.exe
2340	Unicorn-9432.exe
1928	Unicorn-24294.exe
2860	Unicorn-56023.exe
2996	Unicorn-3101.exe
2732	Unicorn-14798.exe
1292	Unicorn-14409.exe
1696	Unicorn-44129.exe
2592	Unicorn-63994.exe
1840	Unicorn-23154.exe
1520	Unicorn-60657.exe
1664	Unicorn-9095.exe
1504	Unicorn-15255.exe
3052	Unicorn-48120.exe
2196	Unicorn-28254.exe
2232	Unicorn-31400.exe
2928	Unicorn-60927.exe
1280	Unicorn-31976.exe
2308	Unicorn-12110.exe
1684	Unicorn-63911.exe
604	Unicorn-19541.exe
1528	Unicorn-63719.exe
1076	Unicorn-19925.exe
768	Unicorn-13942.exe
2416	Unicorn-54975.exe
996	Unicorn-54975.exe
1144	Unicorn-46807.exe
692	Unicorn-43085.exe
1892	Unicorn-18581.exe
1568	Unicorn-22111.exe
2456	Unicorn-35493.exe
1156	Unicorn-47191.exe
2828	Unicorn-37853.exe
2844	Unicorn-45829.exe
2428	Unicorn-50468.exe
2604	Unicorn-18371.exe
2264	Unicorn-62741.exe
2452	Unicorn-13348.exe
1732	Unicorn-37085.exe
2624	Unicorn-26264.exe
2768	Unicorn-54874.exe
2816	Unicorn-51153.exe
2752	Unicorn-62850.exe
2840	Unicorn-64962.exe
1668	Unicorn-64962.exe
2340	Unicorn-64962.exe
2276	Unicorn-44905.exe
1740	Unicorn-53649.exe
2916	Unicorn-40842.exe
2968	Unicorn-65154.exe
908	Unicorn-52497.exe
2960	Unicorn-6825.exe
2964	Unicorn-60473.exe
2868	Unicorn-44672.exe
2860	Unicorn-52648.exe
2572	Unicorn-61200.exe
2280	Unicorn-17022.exe
1660	Unicorn-61584.exe
3040	Unicorn-14303.exe
1832	Unicorn-59975.exe
2516	Unicorn-35601.exe
288	Unicorn-15735.exe
2016	Unicorn-43193.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2512	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	31
PID 2488 wrote to memory of 2512	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	31
PID 2488 wrote to memory of 2512	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	31
PID 2488 wrote to memory of 2512	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	31
PID 2512 wrote to memory of 2340	2512	Unicorn-22074.exe	32
PID 2512 wrote to memory of 2340	2512	Unicorn-22074.exe	32
PID 2512 wrote to memory of 2340	2512	Unicorn-22074.exe	32
PID 2512 wrote to memory of 2340	2512	Unicorn-22074.exe	32
PID 2488 wrote to memory of 1928	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	33
PID 2488 wrote to memory of 1928	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	33
PID 2488 wrote to memory of 1928	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	33
PID 2488 wrote to memory of 1928	2488	dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe	33
PID 2340 wrote to memory of 2860	2340	Unicorn-9432.exe	34
PID 2340 wrote to memory of 2860	2340	Unicorn-9432.exe	34
PID 2340 wrote to memory of 2860	2340	Unicorn-9432.exe	34
PID 2340 wrote to memory of 2860	2340	Unicorn-9432.exe	34
PID 2512 wrote to memory of 2996	2512	Unicorn-22074.exe	35
PID 2512 wrote to memory of 2996	2512	Unicorn-22074.exe	35
PID 2512 wrote to memory of 2996	2512	Unicorn-22074.exe	35
PID 2512 wrote to memory of 2996	2512	Unicorn-22074.exe	35
PID 1928 wrote to memory of 2732	1928	Unicorn-24294.exe	36
PID 1928 wrote to memory of 2732	1928	Unicorn-24294.exe	36
PID 1928 wrote to memory of 2732	1928	Unicorn-24294.exe	36
PID 1928 wrote to memory of 2732	1928	Unicorn-24294.exe	36
PID 2860 wrote to memory of 1292	2860	Unicorn-56023.exe	37
PID 2860 wrote to memory of 1292	2860	Unicorn-56023.exe	37
PID 2860 wrote to memory of 1292	2860	Unicorn-56023.exe	37
PID 2860 wrote to memory of 1292	2860	Unicorn-56023.exe	37
PID 2996 wrote to memory of 2592	2996	Unicorn-3101.exe	38
PID 2996 wrote to memory of 2592	2996	Unicorn-3101.exe	38
PID 2996 wrote to memory of 2592	2996	Unicorn-3101.exe	38
PID 2996 wrote to memory of 2592	2996	Unicorn-3101.exe	38
PID 2340 wrote to memory of 1696	2340	Unicorn-9432.exe	39
PID 2340 wrote to memory of 1696	2340	Unicorn-9432.exe	39
PID 2340 wrote to memory of 1696	2340	Unicorn-9432.exe	39
PID 2340 wrote to memory of 1696	2340	Unicorn-9432.exe	39
PID 1928 wrote to memory of 1520	1928	Unicorn-24294.exe	40
PID 1928 wrote to memory of 1520	1928	Unicorn-24294.exe	40
PID 1928 wrote to memory of 1520	1928	Unicorn-24294.exe	40
PID 1928 wrote to memory of 1520	1928	Unicorn-24294.exe	40
PID 2732 wrote to memory of 1840	2732	Unicorn-14798.exe	41
PID 2732 wrote to memory of 1840	2732	Unicorn-14798.exe	41
PID 2732 wrote to memory of 1840	2732	Unicorn-14798.exe	41
PID 2732 wrote to memory of 1840	2732	Unicorn-14798.exe	41
PID 1292 wrote to memory of 1664	1292	Unicorn-14409.exe	42
PID 1292 wrote to memory of 1664	1292	Unicorn-14409.exe	42
PID 1292 wrote to memory of 1664	1292	Unicorn-14409.exe	42
PID 1292 wrote to memory of 1664	1292	Unicorn-14409.exe	42
PID 2592 wrote to memory of 1504	2592	Unicorn-63994.exe	43
PID 2592 wrote to memory of 1504	2592	Unicorn-63994.exe	43
PID 2592 wrote to memory of 1504	2592	Unicorn-63994.exe	43
PID 2592 wrote to memory of 1504	2592	Unicorn-63994.exe	43
PID 2860 wrote to memory of 2928	2860	Unicorn-56023.exe	44
PID 2860 wrote to memory of 2928	2860	Unicorn-56023.exe	44
PID 2860 wrote to memory of 2928	2860	Unicorn-56023.exe	44
PID 2860 wrote to memory of 2928	2860	Unicorn-56023.exe	44
PID 1696 wrote to memory of 3052	1696	Unicorn-44129.exe	45
PID 1696 wrote to memory of 3052	1696	Unicorn-44129.exe	45
PID 1696 wrote to memory of 3052	1696	Unicorn-44129.exe	45
PID 1696 wrote to memory of 3052	1696	Unicorn-44129.exe	45
PID 2996 wrote to memory of 2196	2996	Unicorn-3101.exe	46
PID 2996 wrote to memory of 2196	2996	Unicorn-3101.exe	46
PID 2996 wrote to memory of 2196	2996	Unicorn-3101.exe	46
PID 2996 wrote to memory of 2196	2996	Unicorn-3101.exe	46

C:\Users\Admin\AppData\Local\Temp\dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe
"C:\Users\Admin\AppData\Local\Temp\dcbf0691d793b7bb3d0895d87f7cc1cbbafe36ff556865f59253a86259dfc1fd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        12⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        15⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        16⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        18⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        19⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        20⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        21⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        12⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        14⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        15⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        16⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        17⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        18⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        19⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 380
        19⤵
        Program crash
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 376
        18⤵
        Program crash
        
        PID:380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 376
        17⤵
        Program crash
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 376
        16⤵
        Program crash
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 376
        15⤵
        Program crash
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 376
        14⤵
        Program crash
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 380
        13⤵
        Program crash
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 368
        12⤵
        Program crash
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 376
        11⤵
        Program crash
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        9⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        13⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        16⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        17⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        18⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        19⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        11⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37297.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        14⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        15⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        17⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40384.exe
        18⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        19⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        20⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        21⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        9⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        12⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        16⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        17⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        18⤵
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        12⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        14⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        17⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        18⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        11⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30679.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        15⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        16⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        17⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        18⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        19⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        14⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        16⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        17⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        18⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1360.exe
        11⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        12⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        16⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        17⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
        18⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        13⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        15⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        16⤵
        Program crash
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        7⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        14⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        15⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        16⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5149.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        14⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        15⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
        18⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        11⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        13⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        15⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        17⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        18⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        19⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
        11⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        18⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        13⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41152.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        16⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        17⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        18⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        10⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        12⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        13⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 220
        14⤵
        Program crash
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        10⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7836.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        15⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        16⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
        17⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        18⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        12⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        13⤵
        Program crash
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        9⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        11⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        14⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        15⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        17⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        18⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        15⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        9⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        12⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        14⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57704.exe
        15⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        16⤵
        
        PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        13⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        15⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        16⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
        17⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        18⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        19⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        20⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
        18⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        16⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        17⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        18⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        13⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        14⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        15⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        17⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        18⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18371.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43053.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        10⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34826.exe
        15⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        17⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        18⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        11⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        14⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        15⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        18⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64636.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        10⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        13⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        15⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        16⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        17⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6467.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        14⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        15⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        16⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        17⤵
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51829.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        12⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        15⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        16⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        17⤵
        
        PID:548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 224
        18⤵
        Program crash
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        13⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        14⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        16⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        17⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        14⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14560.exe
        15⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
        16⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        17⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        18⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        19⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        20⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        15⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        17⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        18⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        11⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        16⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        17⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        13⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50062.exe
        15⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        17⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        18⤵
        
        PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        9⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        11⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        13⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54307.exe
        15⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        16⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        17⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        18⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1888.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        15⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        17⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        7⤵
        Executes dropped EXE
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        10⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        13⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        14⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        17⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        18⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        12⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        14⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        16⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        18⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        12⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        16⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        17⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        15⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        16⤵
        
        PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        13⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        14⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        17⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8578.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        12⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        13⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        14⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        15⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        17⤵
        
        PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        12⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        13⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
        15⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59411.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        17⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        18⤵
        Program crash
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        13⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        14⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        15⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        16⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        17⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        18⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        19⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59270.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        10⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        11⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        14⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        16⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        15⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        17⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
        16⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        17⤵
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32092.exe
        5⤵
        
        PID:1808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        6⤵
        Program crash
        
        PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe

Filesize
192KB

MD5
3cfa325e793a634811be2504a249adbb

SHA1
7487d1bf78d010d61c6eb3f35909b975ff8b50cd

SHA256
04b9e35d30dff3545f2492576a7219ec305921320d2c8d388f76b54eceed2868

SHA512
b09cc358b1bec330d6e3fa287fea3897ecded5388b63cf3037abef86ecd074c7604b754b8e612df066696d0e70b854f3fd0cf8c981f13602b2e2a0eb0b3fb5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe

Filesize
192KB

MD5
c00983d883fc25a231cbdc815ccf4464

SHA1
1bab9c36d4ea1c5fecde8a99420a07596cbf94a9

SHA256
afe1512cfa1ca7a501d278cbffd2b3704213a79fb326ec231e81ca7703575fce

SHA512
2ca88652ea9ac3f650c49695a99192f8ba2a8084254f0287916e77c55d7c77ad7d7e6377018b6425b227b3bdd85b407aae2390fdee929a6a9244e30cf18cfd15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe

Filesize
192KB

MD5
3879ef8e8afcf05befa9b5ac8df29e5e

SHA1
bbb784e58c461ef875ac8eec018161689328d774

SHA256
48e444aed4d250c34b11fb5a7a87044510e515280dc221c33687de599ff9da50

SHA512
2f80ede82ad1d05940210c1be5f41d8abe92e879b2778f2b6ebf7c8ddcba732ea7b751acaf2de01508c3d025d259f9cccfeb8c8f4956362b82f9f18fe01e5cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe

Filesize
192KB

MD5
ed9b3cd145c3aa3b1e45eb96505fea4a

SHA1
65f6d2a39461ff83234f43c205d1c482a5e6e92c

SHA256
09fbe64b06c84bbf57d56f08a6bd27015dea6af2fbcb35e2db67c983c4b3baff

SHA512
437eb1bc9fe33740b997d2fdfe96a3c124be238fe19cc9e0dcb850d0231b07284f0f812b8ba1caecaf9b78770e5a9132aaafc5c77f229d97a2d8284686b8c84b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe

Filesize
192KB

MD5
92e6d5089089c25f5459117ebd163ded

SHA1
8dd5da60e76732a222509140b3675707fba90447

SHA256
2cb0028eba3cf359d8493267ad059b69971fd8f671a482b091f4aea3246ba872

SHA512
c1b57a880e8c5d96510ef74156cf7c73665d70b2292726366b594bfb4d2daa66a13f204a0ea9d620ef90b9a06eff8bffd7f19e55886e4d27e7b7f4d5ea279818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe

Filesize
192KB

MD5
cf5b0e587328738e366bfb0bdaaa785f

SHA1
f43b0310b7f71a0bea1fd737fc9ac9e5adcc3d2e

SHA256
ab087e70543c5377b021a10676ba7fe977c687642bd1615224136c9a329251d4

SHA512
dfad883a8a24a515936670116a6ab2a06a8720beff0f804050bf0dbbc4b4d4186940e4e4f5317296c0a1a818e4a99f6c214b2d0e2c00a42f7621a941e29f0a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe

Filesize
192KB

MD5
f1b8d5d9eb522b3a89d911f10187bd16

SHA1
753077a54c232f5a106252fa5a2bb75752b4f3d7

SHA256
51bc48bd9bd5a0129679112d2225f9e3f3490acd26b3698d04e622276f708222

SHA512
1ab829eb10d4c0a2c6d5f5c8c5c776d2d97c3d6e2072bf02a87a2f6235ce9461de5e03c56f19444bb3a57399ea0a84825abd07a32dd2cde10ab0f0851850d56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe

Filesize
192KB

MD5
933edb00f95577c2a4bd7eca38ec4c87

SHA1
c020e4980c46220dfc29199d00990b51a23965d5

SHA256
61f0a4295c1e244fc874997086727edacf9f977e51b49edea10f7bb70e94e0fe

SHA512
073acae0d2b78494e45e86193adc3bfb2947e0ba27b5e85fcea2ad8f265ecb3951725f49a7f838c915e31a75e5fd6e42a6cc9dadd913d3979a6d114522c9394e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe

Filesize
192KB

MD5
7f03db91f91b5339468806ea44c39226

SHA1
49f2f414a89f81d0325b9c7d1313eed9debbfae1

SHA256
87ca4beb9364f68143168151026647ed327f74beed3ce160963137db3d5fec7c

SHA512
375463d3ffafb29414ed258ff70b6d3266cde746463350a2b6570616b2ddb3cb17ae3963f4ec091ef042a3582a4585896bc0cae25a6ff7b39fe9eda564547e98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe

Filesize
192KB

MD5
a4d22ca0ca602ab4ecd76158dd812254

SHA1
c20883f498beabd6723f5e36b157f70233c5ec27

SHA256
fd28f01d912acabde1c5c6be1281aab3fbab7106883c6553d811a483fa93ec69

SHA512
15968f531b1f665244fb6c930398191d54fd02b69271f55d70f90e50ef46db5e91b896ec388de7d9026cd46d722402fdcf7811da209df4c457c503a830f710af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe

Filesize
192KB

MD5
6f56bfa15183ff3bebdb57deaff1d161

SHA1
fbd284003e1c31ef0559993e938b3403789c3ac2

SHA256
6e8120f835d5d2a09e60ee25e37092e180b9d62fecbbbd2f12b551ecc70d4519

SHA512
60bd7e26627117ac5749489a8a9f950a078758c993c44d59392908a0eff8c336581d061e6b72c9a5e34d6a599d8d4edfd8cef21ef59b3b6bd22f0ee3a79f8ad8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe

Filesize
192KB

MD5
b8064211a124e25a27bfcf3eae05df64

SHA1
24899bc1941b7873c29b6ab2309d4ebce73ff7b6

SHA256
91c1d6b5d58585e8a3041dd1df0efbae2c7de41bae8ce8dfcfa3789514620695

SHA512
3b16f158f657ed6060fb5d70bd5d58bba18796e44cca3764726cfdd7b60664e1154ea9c4f7e1b5df8c6e1e720b893d77c10e1c7c88d1aca26f112e0e1b697ecc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe

Filesize
192KB

MD5
42186765f316877b3537fcecf1a8f587

SHA1
2c6ca7bc76c3c2cb986fbf423152e84c900f0c6a

SHA256
b27a9d102e488373fffe955bbc73fde9ae3180b87975c841fbfab02cf075734f

SHA512
7cb1f8a2c800fa01a1d5b988aaf7e4889da1bdb00084984f0981003dac6966dee1fe5f7189e3b79808990154cf4d8e3bd0fe671ab10fcc11cf0dc0b396782487

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe

Filesize
192KB

MD5
aada0030d9ea44343621e77695dea562

SHA1
b9c0f420ff01e1bc5cc438eff772b77756499f65

SHA256
f3a77864823954f22ee27a1182d9baff4c9b5322fc47ab50fafe763892e6ca5e

SHA512
349c62e5d8171bf1041540f4a564f96185c847e511ec2d75cfd8caf897be983c33d810c76e4a30e8767aaa05fa2eeee05cd5d1a47c2a38e7cc46153f0d7d4809

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe

Filesize
192KB

MD5
d4d3f9cc9c6e17168a99271d0fd94ebf

SHA1
296344a539c163c399070db43db1f51e6d9ae438

SHA256
fb75e2d68234f432a17aee6edd0671c96b32f656cffe1c5203920302f11d7b7d

SHA512
48c95ad6b6efb84fb3da4bfb43db14b0df9f64a8e0a75fd1ebcd37a7804b58114e9b0e89d1ce003237346ecb4cc69772fe55eb0bf1c65c88cbe2ee123db5412b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe

Filesize
192KB

MD5
538107f79b77a93fc1fc0b2415900f07

SHA1
3243634cd160211cf51132dadae5cdc6b0bc7c4e

SHA256
dacda48696bc59531cbd5d46cf54efab082d8237b5d0aa33f5ee4bc2a465a877

SHA512
b1e7a7f9f053d08c0487dc6a86b661f24291984631b1e51307c6f60a8a637c171b8a3b406776fdc7bd1373d4772f0e9348bf5dd3c8dc75c9c9b4744cde551e65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe

Filesize
192KB

MD5
75094c904ed6d58fdec6d06b1a14843d

SHA1
b4b562dd4447e3b78acc253233e00feb77e19f94

SHA256
53cbc4fdf95a6e3484ec3fc196c525b99e0ba9230eff80e30f8457d8b93826d2

SHA512
aa97352976757e31165b30d61a6d2e270d9d00f8f8622b2c801911f98cb4b6a267138e49077cf570c2e8f54fec58cb0ce69a950147150978b5a3963ce910f291

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe

Filesize
192KB

MD5
4ebfa2a891c376666aa72129f3900a60

SHA1
0abe3ddc4b9dac152edcbe19d5b3cec683bd810a

SHA256
63a8a9a820bb0ad3e8acf9c7ea13f48daad08e4f03e8068854613b944177d22a

SHA512
ebbd2d3ffd2520614bbd019039353c8ff9fd12a70e8a3bc5b776ed63b53b352afe3a68e5672b81cffc3905a387652f4f6b3e268ce1564fe5bdf99e2c31020284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe

Filesize
192KB

MD5
aa47f4f4fa9bbc6ae6329f24d84ed28a

SHA1
cbeab0a6788dca5810ace7e1a819dba1146c286e

SHA256
872a1f565446be666ffab47866432485e8ac7950b69e3f95b30e1b5d96af6f98

SHA512
a7e67c1ec69fc0fa6a4b3d951c9d4b2e5b2d36c9151ea9fd843d6781de3e0ab80df3b2673081b59026ee65f31300a27d590821242c773fb623b82d6a547c0090

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe

Filesize
192KB

MD5
3a35bb4223dbc525a4b15bcefab8ab74

SHA1
8d533cae27240bc32b5e88f2b0d4962313ffdd99

SHA256
a1b6a8aef9344083981ab63f8b77765f39999b0d179517bcf518f574239174fa

SHA512
cc74df417d755d89218bcd63b4b890395ec9de391c5ea3724c4931cafadaf58d168961f92bd146feac0fca18477f5b6e3d7c88e338f522e35fa0beebe11b2fd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe

Filesize
192KB

MD5
dec2fd299ce319e216de33b9df41d0a3

SHA1
4f93c32c798460d1862bb2cbac3e1f5bb2784d8b

SHA256
47acab6ac2b7ed1c99b71c4790b36fad2a262faa1e5cfa104bae7008dea15a57

SHA512
f96c8ca041e4261fb55669e00c458c9804bc1c770c93226cebce4dca0d511120a4dc017af97d8d7a9b2618bb33f0f9686055fbd8110e80b9674f5ca6cfffc06a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe

Filesize
192KB

MD5
59a49a2c6cad4534aa7758e3e05e0fc1

SHA1
6fdb80317423fe1c4fcf51110df5896cceb3244b

SHA256
d0870735be7c4143737dd197de67723f929dd5953c828f3493834efb45f81eac

SHA512
c98eeefeca85392d076a9e7f6e28449781aba69962761bca4285387490801aa564026e05c39fa710929662cc432d02581959abdd615289d1caa721c92278a0cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe

Filesize
192KB

MD5
ae1b9340677ea2054059f04ab8ab1910

SHA1
061f139cf69a602c0a8437adf73432c24a83e652

SHA256
1ac13280fe2e1dd60ad1e2018d5e7ec7cc0871294b3f9ed6c07e84da15b5f4c0

SHA512
3194ab92478b7599aae7dc86a9a21ba51b52fccb5a89f8582fe1270ee89f4c54d2041db9e76adb938fa1e1f70730e73c45a033f2ee2ade0a6ad55cf3d4a4a6b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe

Filesize
192KB

MD5
58a8034e9531bae338662ccc160b28d7

SHA1
70263d479b63dc352ec8995716369a0de3ba9b0a

SHA256
a55f9fa4a6af1cd8a3ccf629adc997fa364ca554c8155487f0a1a2afdd9b9a55

SHA512
3f8aa81b0a80a231850c06f4fb563e6a95e460fae4b6e0aa73006dda0a2f1a4bafba0783b3bbf7008e4685a933cb1f1ea7591a86ab02b6d9cb31411d171026f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe

Filesize
192KB

MD5
e69a8a5681cb5016684c388726489aa4

SHA1
40fa8c2f2e122d5aebf539f2ac4486553a6d10fc

SHA256
af88e04970939f3fc2f12e39b9d5f0b4f57b63cac8f447b95a1b3098f6a3967c

SHA512
6543b4b1cfc59ce1df1930834d1cc21e4726199ee51c437d15789769e7ce42109fc8815818691b89a1f219dd913977a833aeddec9fa87c7ba5977b9aa3ce8ca6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe

Filesize
192KB

MD5
8416d49a30f36a8b510b5f8dc0989465

SHA1
c5b8d0ec4db7c69a7f717caba019d46b07ecfe72

SHA256
d6ad10e1d0702815d6503110aea163010051fea44df798b4a4df5c65f7cbc0da

SHA512
a1218df51e4caf49b2e4cda87e3aa94bc2f73c0e82c25f197461d861829a74ca92dccca61051d21820c928b6925404333713c73f5e96cab467293548477c0552

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe

Filesize
192KB

MD5
af84eb014435279bf13895cfedf498ef

SHA1
1617fa85707ab246c82847b27905030a8d1e1256

SHA256
1154ea69e5996cd413a79a9af54d145d9ec5b7b74a96f51c896455e695a238dc

SHA512
fb0326edbcf8d2745fe039ab61e7b31eb96851f506b41e7baa5c27c4cff4d14fb073d09816a8b8693680eaaeece43bc6ef18ecb66b12b8b805c3da7e64408a5b

Download Submit