ffe5f1e65b3c4fb50248244641ec67002de37f3415db91ce7acb8ba42dda5e8d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
Size

192KB
MD5

f288dbf12f5472cd55791815a9d25d97
SHA1

6155190771e0116c45563c1a02cb86bedcb86c64
SHA256

548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b
SHA512

5824bee2fed7c7a30c38753f15b0aa8d54df91ba41638bda9e4c9b6ddd5c405f6533e1be19118ddf0623e41291288714f0f1640d2a918968c18cb64de1122b6d
SSDEEP

3072:MLMWoPYtA9bQMOji8QdFsJOL6LCaMzefeetxJJERnilHtpFf:MLJoJhQMh88FsJW/0F4ilHtpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2912	Unicorn-39081.exe
1896	Unicorn-23186.exe
1916	Unicorn-60689.exe
1840	Unicorn-32719.exe
2932	Unicorn-13922.exe
2544	Unicorn-33788.exe
2552	Unicorn-27177.exe
2776	Unicorn-48728.exe
2480	Unicorn-44089.exe
2484	Unicorn-27753.exe
2896	Unicorn-57088.exe
1192	Unicorn-22019.exe
1040	Unicorn-26849.exe
2360	Unicorn-29995.exe
2012	Unicorn-2449.exe
2340	Unicorn-2257.exe
2744	Unicorn-47929.exe
1992	Unicorn-56097.exe
2716	Unicorn-10425.exe
1360	Unicorn-7275.exe
1212	Unicorn-3554.exe
1356	Unicorn-56284.exe
1140	Unicorn-28607.exe
1792	Unicorn-16717.exe
3008	Unicorn-4486.exe
564	Unicorn-18170.exe
1780	Unicorn-38036.exe
1804	Unicorn-20740.exe
2116	Unicorn-20740.exe
904	Unicorn-874.exe
1640	Unicorn-25186.exe
2520	Unicorn-58814.exe
1680	Unicorn-24340.exe
2848	Unicorn-44206.exe
2528	Unicorn-49037.exe
2636	Unicorn-28446.exe
2684	Unicorn-412.exe
2292	Unicorn-20278.exe
2680	Unicorn-28254.exe
2492	Unicorn-49421.exe
2880	Unicorn-60158.exe
2868	Unicorn-18934.exe
2884	Unicorn-64605.exe
344	Unicorn-11149.exe
1916	Unicorn-43822.exe
1200	Unicorn-56821.exe
812	Unicorn-9141.exe
2172	Unicorn-54813.exe
2028	Unicorn-22825.exe
1996	Unicorn-42691.exe
1604	Unicorn-43267.exe
1276	Unicorn-63360.exe
2532	Unicorn-26966.exe
2476	Unicorn-47325.exe
1732	Unicorn-51772.exe
824	Unicorn-47133.exe
2972	Unicorn-64045.exe
2988	Unicorn-11315.exe
3032	Unicorn-29763.exe
1492	Unicorn-57605.exe
2864	Unicorn-57605.exe
2900	Unicorn-50013.exe
3052	Unicorn-13619.exe
2300	Unicorn-33485.exe

Loads dropped DLL 64 IoCs

pid	Process
2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
2912	Unicorn-39081.exe
2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
2912	Unicorn-39081.exe
1896	Unicorn-23186.exe
1896	Unicorn-23186.exe
2912	Unicorn-39081.exe
1916	Unicorn-60689.exe
2912	Unicorn-39081.exe
1916	Unicorn-60689.exe
1840	Unicorn-32719.exe
1840	Unicorn-32719.exe
1896	Unicorn-23186.exe
1896	Unicorn-23186.exe
2932	Unicorn-13922.exe
2932	Unicorn-13922.exe
2544	Unicorn-33788.exe
2544	Unicorn-33788.exe
1916	Unicorn-60689.exe
1916	Unicorn-60689.exe
2552	Unicorn-27177.exe
2552	Unicorn-27177.exe
1840	Unicorn-32719.exe
1840	Unicorn-32719.exe
2776	Unicorn-48728.exe
2776	Unicorn-48728.exe
2484	Unicorn-27753.exe
2484	Unicorn-27753.exe
2896	Unicorn-57088.exe
2896	Unicorn-57088.exe
2544	Unicorn-33788.exe
2544	Unicorn-33788.exe
2932	Unicorn-13922.exe
2932	Unicorn-13922.exe
2480	Unicorn-44089.exe
2480	Unicorn-44089.exe
1192	Unicorn-22019.exe
1192	Unicorn-22019.exe
2552	Unicorn-27177.exe
2552	Unicorn-27177.exe
1040	Unicorn-26849.exe
1040	Unicorn-26849.exe
2360	Unicorn-29995.exe
2360	Unicorn-29995.exe
2776	Unicorn-48728.exe
2776	Unicorn-48728.exe
2340	Unicorn-2257.exe
2340	Unicorn-2257.exe
2896	Unicorn-57088.exe
2012	Unicorn-2449.exe
2896	Unicorn-57088.exe
2012	Unicorn-2449.exe
2484	Unicorn-27753.exe
2744	Unicorn-47929.exe
2716	Unicorn-10425.exe
2744	Unicorn-47929.exe
2716	Unicorn-10425.exe
2484	Unicorn-27753.exe
2480	Unicorn-44089.exe
2480	Unicorn-44089.exe
1360	Unicorn-7275.exe
1360	Unicorn-7275.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
1800	2436	WerFault.exe	102
2240	2732	WerFault.exe	141
2976	2252	WerFault.exe	164
2524	1224	WerFault.exe	192
764	2632	WerFault.exe	211
1364	1596	WerFault.exe	261
1816	940	WerFault.exe	321
2144	2708	WerFault.exe	349
1904	2692	WerFault.exe	334

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41095.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
2912	Unicorn-39081.exe
1896	Unicorn-23186.exe
1916	Unicorn-60689.exe
1840	Unicorn-32719.exe
2932	Unicorn-13922.exe
2544	Unicorn-33788.exe
2552	Unicorn-27177.exe
2776	Unicorn-48728.exe
2480	Unicorn-44089.exe
2896	Unicorn-57088.exe
2484	Unicorn-27753.exe
1192	Unicorn-22019.exe
1040	Unicorn-26849.exe
2360	Unicorn-29995.exe
2012	Unicorn-2449.exe
2340	Unicorn-2257.exe
1992	Unicorn-56097.exe
2744	Unicorn-47929.exe
2716	Unicorn-10425.exe
1360	Unicorn-7275.exe
1212	Unicorn-3554.exe
1356	Unicorn-56284.exe
1140	Unicorn-28607.exe
1792	Unicorn-16717.exe
3008	Unicorn-4486.exe
1780	Unicorn-38036.exe
564	Unicorn-18170.exe
1804	Unicorn-20740.exe
904	Unicorn-874.exe
2116	Unicorn-20740.exe
1640	Unicorn-25186.exe
2520	Unicorn-58814.exe
2848	Unicorn-44206.exe
2636	Unicorn-28446.exe
2684	Unicorn-412.exe
1680	Unicorn-24340.exe
2528	Unicorn-49037.exe
2292	Unicorn-20278.exe
2680	Unicorn-28254.exe
2492	Unicorn-49421.exe
2880	Unicorn-60158.exe
2884	Unicorn-64605.exe
2868	Unicorn-18934.exe
1200	Unicorn-56821.exe
812	Unicorn-9141.exe
1916	Unicorn-43822.exe
344	Unicorn-11149.exe
2172	Unicorn-54813.exe
2028	Unicorn-22825.exe
1996	Unicorn-42691.exe
1604	Unicorn-43267.exe
1276	Unicorn-63360.exe
2532	Unicorn-26966.exe
2476	Unicorn-47325.exe
1732	Unicorn-51772.exe
824	Unicorn-47133.exe
3032	Unicorn-29763.exe
2972	Unicorn-64045.exe
2988	Unicorn-11315.exe
1492	Unicorn-57605.exe
2864	Unicorn-57605.exe
2900	Unicorn-50013.exe
3052	Unicorn-13619.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2912	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	28
PID 2844 wrote to memory of 2912	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	28
PID 2844 wrote to memory of 2912	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	28
PID 2844 wrote to memory of 2912	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	28
PID 2912 wrote to memory of 1896	2912	Unicorn-39081.exe	29
PID 2844 wrote to memory of 1916	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	30
PID 2844 wrote to memory of 1916	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	30
PID 2912 wrote to memory of 1896	2912	Unicorn-39081.exe	29
PID 2912 wrote to memory of 1896	2912	Unicorn-39081.exe	29
PID 2844 wrote to memory of 1916	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	30
PID 2844 wrote to memory of 1916	2844	548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe	30
PID 2912 wrote to memory of 1896	2912	Unicorn-39081.exe	29
PID 1896 wrote to memory of 1840	1896	Unicorn-23186.exe	31
PID 1896 wrote to memory of 1840	1896	Unicorn-23186.exe	31
PID 1896 wrote to memory of 1840	1896	Unicorn-23186.exe	31
PID 1896 wrote to memory of 1840	1896	Unicorn-23186.exe	31
PID 2912 wrote to memory of 2932	2912	Unicorn-39081.exe	32
PID 2912 wrote to memory of 2932	2912	Unicorn-39081.exe	32
PID 2912 wrote to memory of 2932	2912	Unicorn-39081.exe	32
PID 2912 wrote to memory of 2932	2912	Unicorn-39081.exe	32
PID 1916 wrote to memory of 2544	1916	Unicorn-60689.exe	33
PID 1916 wrote to memory of 2544	1916	Unicorn-60689.exe	33
PID 1916 wrote to memory of 2544	1916	Unicorn-60689.exe	33
PID 1916 wrote to memory of 2544	1916	Unicorn-60689.exe	33
PID 1840 wrote to memory of 2552	1840	Unicorn-32719.exe	34
PID 1840 wrote to memory of 2552	1840	Unicorn-32719.exe	34
PID 1840 wrote to memory of 2552	1840	Unicorn-32719.exe	34
PID 1840 wrote to memory of 2552	1840	Unicorn-32719.exe	34
PID 1896 wrote to memory of 2776	1896	Unicorn-23186.exe	35
PID 1896 wrote to memory of 2776	1896	Unicorn-23186.exe	35
PID 1896 wrote to memory of 2776	1896	Unicorn-23186.exe	35
PID 1896 wrote to memory of 2776	1896	Unicorn-23186.exe	35
PID 2932 wrote to memory of 2480	2932	Unicorn-13922.exe	36
PID 2932 wrote to memory of 2480	2932	Unicorn-13922.exe	36
PID 2932 wrote to memory of 2480	2932	Unicorn-13922.exe	36
PID 2932 wrote to memory of 2480	2932	Unicorn-13922.exe	36
PID 2544 wrote to memory of 2484	2544	Unicorn-33788.exe	37
PID 2544 wrote to memory of 2484	2544	Unicorn-33788.exe	37
PID 2544 wrote to memory of 2484	2544	Unicorn-33788.exe	37
PID 2544 wrote to memory of 2484	2544	Unicorn-33788.exe	37
PID 1916 wrote to memory of 2896	1916	Unicorn-60689.exe	38
PID 1916 wrote to memory of 2896	1916	Unicorn-60689.exe	38
PID 1916 wrote to memory of 2896	1916	Unicorn-60689.exe	38
PID 1916 wrote to memory of 2896	1916	Unicorn-60689.exe	38
PID 2552 wrote to memory of 1192	2552	Unicorn-27177.exe	39
PID 2552 wrote to memory of 1192	2552	Unicorn-27177.exe	39
PID 2552 wrote to memory of 1192	2552	Unicorn-27177.exe	39
PID 2552 wrote to memory of 1192	2552	Unicorn-27177.exe	39
PID 1840 wrote to memory of 1040	1840	Unicorn-32719.exe	40
PID 1840 wrote to memory of 1040	1840	Unicorn-32719.exe	40
PID 1840 wrote to memory of 1040	1840	Unicorn-32719.exe	40
PID 1840 wrote to memory of 1040	1840	Unicorn-32719.exe	40
PID 2776 wrote to memory of 2360	2776	Unicorn-48728.exe	41
PID 2776 wrote to memory of 2360	2776	Unicorn-48728.exe	41
PID 2776 wrote to memory of 2360	2776	Unicorn-48728.exe	41
PID 2776 wrote to memory of 2360	2776	Unicorn-48728.exe	41
PID 2484 wrote to memory of 2012	2484	Unicorn-27753.exe	42
PID 2484 wrote to memory of 2012	2484	Unicorn-27753.exe	42
PID 2484 wrote to memory of 2012	2484	Unicorn-27753.exe	42
PID 2484 wrote to memory of 2012	2484	Unicorn-27753.exe	42
PID 2896 wrote to memory of 2340	2896	Unicorn-57088.exe	43
PID 2896 wrote to memory of 2340	2896	Unicorn-57088.exe	43
PID 2896 wrote to memory of 2340	2896	Unicorn-57088.exe	43
PID 2896 wrote to memory of 2340	2896	Unicorn-57088.exe	43

C:\Users\Admin\AppData\Local\Temp\548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe
"C:\Users\Admin\AppData\Local\Temp\548fad3bdf463505e28c06cb4904dd775b9280d1b44bdd3e7d58c64d19ac980b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59011.exe
        14⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        15⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8153.exe
        16⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
        17⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        18⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        19⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        20⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56560.exe
        16⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        18⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
        19⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        10⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        12⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        14⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
        15⤵
        Program crash
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        10⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48236.exe
        14⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30022.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        16⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        17⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        18⤵
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47325.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        12⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        13⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        14⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        15⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        16⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        17⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        18⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51772.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        10⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60005.exe
        12⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        13⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32585.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        16⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        17⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        18⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        12⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        14⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        15⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        17⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        12⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        14⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        16⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43248.exe
        18⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        19⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 376
        13⤵
        Program crash
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 376
        12⤵
        Program crash
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 368
        11⤵
        Program crash
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        14⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        15⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        17⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        12⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
        14⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        15⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        16⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        17⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        18⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        18⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        14⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        17⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        7⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        10⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        13⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24308.exe
        14⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        15⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        16⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        17⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        18⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        13⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        15⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        17⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        18⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        19⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        20⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        21⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        11⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        14⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        17⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        18⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        16⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        17⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        11⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        16⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        17⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
        8⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        10⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        14⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
        15⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        16⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        17⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        18⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        19⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        20⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        17⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
        18⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        19⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        14⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        15⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50264.exe
        17⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        18⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10199.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        14⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        15⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
        16⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        17⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        18⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        7⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14191.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47386.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 372
        12⤵
        Program crash
        
        PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        12⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        16⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20118.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        12⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        14⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        16⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        18⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        19⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        11⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        12⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        13⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        15⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        16⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        17⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        11⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        12⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        13⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        14⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        16⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        14⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        15⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        16⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        17⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        18⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6381.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        14⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        15⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24104.exe
        16⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        17⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59989.exe
        18⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        13⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        15⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        16⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        17⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2864.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
        14⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        9⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        13⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        16⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
        10⤵
        Program crash
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        9⤵
        Program crash
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        8⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        11⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        12⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
        13⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        14⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        16⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        6⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        16⤵
        
        PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60689.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        12⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        14⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        16⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
        17⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        18⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        19⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39253.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        14⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        15⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        16⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        17⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        18⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        13⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        14⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        16⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        17⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
        13⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        14⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        18⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        11⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        12⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        15⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        16⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        17⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        14⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42864.exe
        15⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
        7⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61705.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        11⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        15⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        16⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
        17⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        11⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        12⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        13⤵
        Program crash
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        13⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        14⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44942.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25410.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
        13⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        14⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        16⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        17⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        14⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        15⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        16⤵
        
        PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        9⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        11⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57696.exe
        14⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        15⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        16⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        17⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        19⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        15⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        16⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        18⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        12⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-275.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49902.exe
        14⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        16⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        17⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
        6⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        11⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44381.exe
        14⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
        15⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        13⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        14⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        16⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
        17⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        15⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
        16⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        11⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        12⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        14⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        16⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        13⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23762.exe
        14⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        15⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        6⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3214.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        14⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        16⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        14⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe

Filesize
192KB

MD5
1e3d9ce2560f3b327b9c64dd94fabb14

SHA1
8780a5f82cf436e3fcc8b518ab018715527cdd2d

SHA256
02174d384c44477e9f88125e0a437068a5229c261d001d489524388f43e29e48

SHA512
30936979bed1ce680f6a93e3b42ef4801e65149c5bc59c0009867b42d13698916dc636f361cd9b588b0d6afc8593954f4cc585aef8552264cae6cc093e285dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe

Filesize
192KB

MD5
987f287632928f471d9ed371e3ff1dde

SHA1
e6e06535543cbdc43a82252ad484f981f078b3ee

SHA256
e3ac0798c1f3c3b227489da9730bf9e57cdf2d2b5bb8f90c405aae67d4972e32

SHA512
53607dcb8c48f4eab368baa8fe75518000442f0412fb565373ab7c33e893cfaa73f741a831914bad221a00afdd4cd1e9b04e0ba70d4601d4462b56832f561647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe

Filesize
192KB

MD5
7593650b54399d36b22bc85bf27cb0e1

SHA1
f6534b61a618b76a7935ceb21a9274071cac5ed0

SHA256
02d626abca87cbc2e0ab6c94d02c51735b8f37292a2790130ec7e9187b898d6a

SHA512
ac87a6f4323cf1830d03bad046af2a586bdd1bb2f578f2113c9182566455388560eee7f993396920c6b09b29fa1e03945257ab8701c334bc1845eca7325638eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe

Filesize
192KB

MD5
61bce73601906c784f4f0ea181124df1

SHA1
601712aab3192a9175b812370eaea136f4eaeaf2

SHA256
615789192332783f5e8b8aadd5cb6c7818d536d3fa618fabd4bd1ef107a95cd5

SHA512
37187fcba7b4915c64a4e0592bec3c323e3c496bdc509e244f4d2f81c4a216429df0703d712da8cdb364a12e100914a109c0c0b22a0569c9a41da5dc21ab993e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe

Filesize
192KB

MD5
b130c00dd114779b4c8f98947e7ab712

SHA1
685759b6c296245ec8617161a3dde9d72a3ae21b

SHA256
96626755a452e014d0677f41936c6cc046b86a823f2b51f638ad2b3cb1b0ebdc

SHA512
3888ba8a26630de748365f6fa111a94387e6b5b4b77c7e14cb234f1cb368a232ba1ba3ae8058ec009b9756b89e162ce149b8e766f54f152a1e873a788f7f2792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40739.exe

Filesize
192KB

MD5
21cc2a6139f2bae96fb534dfa4a13449

SHA1
2cd7dc566f8cab19de39337d2d3540e4802cd33e

SHA256
7dc5532624cbe3e5aa6e16eb5723d0d1d8b720e70108055b606fd81e8b3104e2

SHA512
198f8712729d158dbc72726b43ff090cd9ffa54f8daefb9521c972377693c8d1bd1756ccea9cbe1217f192e28de5a3e843525e9ea95f667787961b4125e8c0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe

Filesize
192KB

MD5
70b78011e260846a23fbbfb17c2a1ef7

SHA1
d84bc6e4b2f3f6c9256c9ecf63f0ef31dd02503c

SHA256
a7021b17e3f0159f01e1a90c9c66647c9a02370e0b6eb069ae924487c5a2dbdb

SHA512
46b8f1539c0a083114c0fae05b4403d06066157d04bd1c824d41ac8977dc2889dce6e77f899db1b654b2b92956c3b22d071d74d9fd28e9d7b4221fa805b8ab64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe

Filesize
192KB

MD5
444c04075fe2665206550ddd3e3bb6ae

SHA1
f5a9211681594b60f747a79edc158b79f732528c

SHA256
cd9275f8806da6f871f2300eeaa04bc271e4a4f414bdc2a0f7dae290f2aa3457

SHA512
a5142db825be9a80308277facdfca3827bedcbd4f3144faab5db402c7c54b0f8beba9ff7889c58261731c35b0f1a6818ba3dbae5bfb56fa04c46c9420bf70dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe

Filesize
192KB

MD5
4b00f5ee56495686e6be5089c549db64

SHA1
6eaa5287846eb4da6bea79e3270b93d3c7e20427

SHA256
720014e97dd4d90f4a2688f741526bc068f66c383a1a38114f363c19f9cae5df

SHA512
f170e8597728715d5969cf46081b8f246efce1d65530a04c50a2c1eef14daf39ab2f9c2f93b8dbc3c83c1c0be5bb97478377d4db183ccafb73bbccf0ba65c4fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe

Filesize
192KB

MD5
35ba360c38f9ad11f08facf6bf9fcb79

SHA1
d9ede8fd12a90dfb671f1e8ff226ba7c3705a041

SHA256
db960411146810b99896799f807fdca9b04a26a9f303f8a09c2f278a38271f06

SHA512
fb43a6fcd7de86a8844049d38f55b568f6b36d18ac6aebb81f0bbc4eafe9dbb41a4115d47b82c8e96e4d658894c1529e72d799c1fe6d35542e893f8fcd3c3e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe

Filesize
192KB

MD5
649e5c31c319a8c27ab88883484618da

SHA1
8ef8837e8fdb03ed9cb56cd7310fa553014e5ee1

SHA256
7ec0ec5fd604145981269531e93c354da662b58c2ab300b073297f098a9e201a

SHA512
228a0e4fff1a880d66e8635a9f3e32f72b72bc451ba6d07ba8dcc6a3a6af581bd1219a9068cddbdc8c30ed807509cfe71102fb7664a633de105fb4ba53727c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe

Filesize
192KB

MD5
5655019e4b1e0b605ace7c086f9c4d06

SHA1
884ea05bc02e0d115a40c30c1ba9ae038948280a

SHA256
3e6a85e97134d2d2726a7a9256748b98dd168d7cb9956b6d788157524d1e715b

SHA512
969122bf8f644e6c37d03e36536bd2c1b689c4503bdbd304690971de3e6ee88651019933ae324264e179df2ad28bfabdcb408df46b1da4aceaa4bec999c3c37d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe

Filesize
192KB

MD5
c8ccc66c2a484ed5100c5a541fddd7cc

SHA1
5914ebea7ed3f4a0acc59537bced779dfd8ce99e

SHA256
9e16a05beaac3292bab5e1d793f66570c126bc91716bc47ee078dba1f96f14c8

SHA512
c5c7b699902fe0e1066b339806c0edb1ae63f4ea4c0d765375023ff49f1479bab69cb33de109290f3c6d4a2e8c3cc4e5f55c963aacdc2c66498010ee346276c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe

Filesize
192KB

MD5
6cca8adaeafa7eea92afa78e5b01112f

SHA1
5b90aae3145c0ec5c4487f29fe70df72927b7ac5

SHA256
9983e90e28555b268e60e4475c2b2c0616019cc3db0d066fb4c75a58b074ab79

SHA512
51be015e5933e546e2bcd3d246d1ba8e90afeec2129d1bad31218d6a925d9a3655e028f56cfb2cc9d432a8c27b0794357957b39ce2e0684433d982ef7601aa06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe

Filesize
192KB

MD5
5a351e8e6c57873c4ed801933fa15ddc

SHA1
c6550b0858a57b8a26ace95c216b766ca97a5e4b

SHA256
90a63dcae5408d4ae8edd22be77c5be83e7f62a44e28b72cb7545f987858b986

SHA512
7210e0e0428503b1e3a1eb5e1f3408e3091b9e1e5a7f0e0f6cd9a2b7b27bb36acc63083945f78c387d87ffc6d8616a63bedf5b6f87d43c0c0fccd6d4e666fe29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe

Filesize
192KB

MD5
b0b7c6be9c5b1bd45eb6eb468515eee6

SHA1
2e2791a6420b68952914ee37c1aead321a287269

SHA256
0d97be2819936a5b84f0747b896185586677411bc7822324b585851f8ef35dc7

SHA512
5b00a42bb2a32b09b58814e438da6edc567c0c2969f06120c201d2097d35d99dec2dbd85aa1744943086d7743564069f698ebb5974030f0b0a9a7c9204b99c7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe

Filesize
192KB

MD5
15b703f6e7684c57b9f41d25d785ef45

SHA1
5263109b5f718b4de32e2ffb47cfae1a033e0012

SHA256
4ad47d328b00a3ca4da0f5759002a4a36884f6a75dfe1562bf61239b7b6aa085

SHA512
32b5eebf2d990786c611c21226ef27f4f522c366ead51eaa81d6001b72fd920949c25b549f165c5f724acdf2d18f23d74956cb28c9cd3931910ac484d3ba8df7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe

Filesize
192KB

MD5
86a262935f303cd7ed38f7a1c189a887

SHA1
9eee5da78637e8b786d3544b61a6dc69fe44b0fe

SHA256
0b6ce61fcf3e754921e9b2d4ada2d52c7bb23269a6652f6f40c8ff6457b41c52

SHA512
8b434bc52eecdcd4c393782bd58df421c5718fbde062d4c9241bcb73dfbf80e6bf13fe1046daf47579b2a6b77990c5ebfe760b0999b21a7a42be6f6ae3d85bce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe

Filesize
192KB

MD5
c6d133cc402e5d06333a02855b98d7dc

SHA1
f6b6239296dd39bf474d8d1b8c3a5843ba5d69ee

SHA256
43825e4e85be41292bb4fe137f15a50d7909c719e28aa721bdf8e3c2f4743e9a

SHA512
8efa8e2c060189b7ca3795863e7b8e58240358e3f652f9d2bf3d046ab8fd12a7bf19cd1101ae5b82a7938fd52c498ecc71fd5ba8a63d67c2e2b8a23bb24eabcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe

Filesize
192KB

MD5
43ab00d685685fbbe0f17bd22ecdfb50

SHA1
45aaaec5f4c94532d0b4b47363ed77cc0fa5d936

SHA256
391442e813ba5d407941b4cccdeaa37e4ce8872bd6f32866dd6faa18bd1e86f8

SHA512
1463bf3cf37cf74869c21613aa0d9fe50691003fd8d2fe46869ceb84a6752149e3b8772d1eeea0bd5ee8ad43f53c19e092837ccbcd2b842098845e7a77f42d46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe

Filesize
192KB

MD5
b548f0600b84441456a834902dd5c91d

SHA1
35ca19c80ddf9363032b2a819550609687e5fadf

SHA256
d2afffe9103a1dcc7b5b07e0d026cb0e9c40052d767769589ac0429351f36ab7

SHA512
6dfa1f3aa8bd3ae1bebc5a2d1395939625658d8b5fe62e709aa3d06b8e6582af06f4e9938e0d91e8457459892e2868065718d3a262df9175408cb655df0f13bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27177.exe

Filesize
192KB

MD5
6dc4be9097352ca87bcd771e6637a11c

SHA1
ac36a2912e2073850256e4fa9bdfc68e68f85384

SHA256
d7e67d1c78b1b80f001fd38054dd5dd6540bc4e3e40076ea34214825fb5040a6

SHA512
77f91a02a3ddd68c505d82913a40c7123e4627fd2e3a34398fbe7103dc79a18402daac386e3f33f0d68b8caa31d8d307a60745b79c01b99d2050c65dd0287876

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe

Filesize
192KB

MD5
d71901dc92acd7171394fec881e64638

SHA1
e846c9f6e6812084b0041f468267005b4f38c9b6

SHA256
6ab12ed7f39ba85c59493b13be05434783dadd8b21bb00d25136b6a90659fabf

SHA512
311b1cb84556a1ec9500db3b6a47fe2b562c1b0b6c2fd4ee6f4f5582eeab0aca01a712530a8a8d02c82aaf74eba3242f53af031171e8c90af1b51a2e7c650d85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32719.exe

Filesize
192KB

MD5
ba03070dc437148fcacc999f122e7a37

SHA1
90d572e0576bf3a5662d36ee64a88db5539115b6

SHA256
10199f3475ed4d4d75806c8f5c9f2930f980e4a95364e58064b3e38e8846209a

SHA512
b19aee74b55943e8d124b49c08da8e08dbb447d3aa347abfe9a69770f8399563061e4848c1582adfa85553cef9d2cb3f3a95234d8670f56a606b1f012c955155

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe

Filesize
192KB

MD5
6744a03c3c57719a675ff56cbd8fddf6

SHA1
dc68fbe3a9c1741792791f48abec999a19ea3f73

SHA256
a147da8b783df63ab0afbbfd3695523a9ef7fb0c169e67acef058149c8ac33a6

SHA512
a542d9c00893e161a777f44615d43ad75acb5add1f47ac13d827c0e35279ab6c72f0a4c6bed1ffbaad0887427b1057db75dbb11a987a1fcdf537d969ee097878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe

Filesize
192KB

MD5
e6c9ced24b7f462a37c7334fcb5d6935

SHA1
60ca8c32dd98ce3933764b6190ea7294dfa79b3b

SHA256
9cb6602cb90ed1485afaea982c618e7a7c9b01d08b041f6a444d54913990b64a

SHA512
fcbed2afdb1c0e020bea630d0c0a990c8051f05be2d72ed9b31f727c7ff9b52619e96a4d1f1ff0a9ae11f4530f57b804c5da0f440722fa62e21e772a5ca8623b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe

Filesize
192KB

MD5
9881e707179f52abca18631d48310514

SHA1
86c58d37507cdfcfe40c47dae53fff97b134accd

SHA256
6bd8e765b0b4bdffb6015118011a5e4cb306e0e17eebab9323d11a407ca22e49

SHA512
f65b8d519c06f9bf58c7ee147bd628e5a37498bcec763d7ecfcc1917df0fcc0d7c91e7c993b79fc4304b6004fe49499984ed8ac7736d17dca326af7039755db2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe

Filesize
192KB

MD5
e92c76f287dc314a152b8f8c0f5a3922

SHA1
1b09de6274568b579a28284682cef1f448a56f00

SHA256
98ce0cf7579339c8b48b64e599d8ddaa8518a3fe16e5f770451ab7b9db982a8a

SHA512
861d78254748e7ac74b5411665d567088ebff713b323722931946ebe4ba1ef9eb667526834f0e641ef0997b7a39370cbbda608351438f42d11fa2771f98f1825

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe

Filesize
192KB

MD5
f1c8dbe1346d1a745288c74d9c1b62f5

SHA1
6b2f18523b22f89751f885777183b478e1f9e6b5

SHA256
539f508d628e5d005e78811be4f4196e31f72909f4f776580325f5a50bf647fb

SHA512
3753a9d5d48d69075282d13cdbd5dd1f13f6e405f57f972836273c8f832c5569443f69f0f7186af13042d3585a330c8b190faa44e3cb58b25576d10e5093575d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe

Filesize
192KB

MD5
1706915042ec282efcbf1cad3e4357bb

SHA1
aa99433ab30193ce6c0bb52458a27d1c1b1a9945

SHA256
872710260b2fc4d1ce05f7f1f3b289d360e10be5efa4cea3dba6443d021cfb43

SHA512
f8ae819612787c896a78550345113f6b5b83197ffc61cf804960bc7c172d75429de68bb9d5e8647a3511941ee0b446bc8e5a9c553b8b6ea7b48d391b5d589f32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60689.exe

Filesize
192KB

MD5
73741c25bd238a255a6e03b4ddc6c2d7

SHA1
d4db9df2c64f1eef44506cd4586ab94f1b737c88

SHA256
d9902c252b595bf10905d91dc6c115b38e9c6e77fbe8ca705fcd2fa695baf07a

SHA512
18bd2646a2a92563289bd748a719e7bb5ef2bf09de6de9b0932ecd4466e3cc6ef6d5385eb69c85447219eec94bbdb4f39952f01067549ec2539ff073c971414d

Download Submit