5f9c23e8aaec36110a651416bf81c78752a58e1925cc8c179669fed5ed1b9185

Analysis

max time kernel
112s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

999965672705e7033d1a546da660c480N.exe
Size

468KB
MD5

999965672705e7033d1a546da660c480
SHA1

2cb8113b2a0b257024b63db37e5fdba76d928ddb
SHA256

5f9c23e8aaec36110a651416bf81c78752a58e1925cc8c179669fed5ed1b9185
SHA512

b54371c6bfbc82557f6ddabed02f372cd073fa155d3d72909376e3c36ba84cd3d79b09b0af6f1c815cefe344cbadeb53d1878dcd95293a574e98abaea84b28aa
SSDEEP

3072:FbAdovI76q5yubYjPYmhff8g/EbCP3pAAmHexVokibl7x9jceSle:FbyoVuyuIPrhffFZpdibBrjce

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2796	Unicorn-32941.exe
2700	Unicorn-49638.exe
2172	Unicorn-45725.exe
2624	Unicorn-61880.exe
2580	Unicorn-42014.exe
2148	Unicorn-13255.exe
1264	Unicorn-6741.exe
952	Unicorn-2124.exe
2040	Unicorn-1200.exe
2368	Unicorn-44330.exe
2628	Unicorn-36825.exe
2908	Unicorn-50561.exe
2336	Unicorn-56691.exe
2564	Unicorn-56691.exe
2272	Unicorn-25975.exe
2256	Unicorn-35254.exe
468	Unicorn-11797.exe
2300	Unicorn-39058.exe
2468	Unicorn-35616.exe
1484	Unicorn-58082.exe
980	Unicorn-34241.exe
2476	Unicorn-31640.exe
1856	Unicorn-40978.exe
1408	Unicorn-37314.exe
1168	Unicorn-37579.exe
1524	Unicorn-56603.exe
1360	Unicorn-36737.exe
912	Unicorn-36353.exe
572	Unicorn-7018.exe
2376	Unicorn-63734.exe
2344	Unicorn-32120.exe
1676	Unicorn-41527.exe
2524	Unicorn-61393.exe
1992	Unicorn-5102.exe
1572	Unicorn-60334.exe
2816	Unicorn-62903.exe
2692	Unicorn-4307.exe
2944	Unicorn-18266.exe
2232	Unicorn-43675.exe
1020	Unicorn-3596.exe
872	Unicorn-51956.exe
2588	Unicorn-5324.exe
2280	Unicorn-5324.exe
3044	Unicorn-1987.exe
564	Unicorn-51681.exe
1868	Unicorn-6009.exe
2392	Unicorn-1607.exe
2200	Unicorn-37395.exe
2912	Unicorn-3305.exe
2752	Unicorn-6585.exe
1704	Unicorn-20099.exe
2448	Unicorn-7161.exe
1952	Unicorn-26451.exe
1336	Unicorn-26451.exe
1964	Unicorn-36465.exe
2308	Unicorn-36838.exe
2984	Unicorn-56174.exe
2204	Unicorn-12527.exe
236	Unicorn-45008.exe
2004	Unicorn-45008.exe
1144	Unicorn-57104.exe
976	Unicorn-54228.exe
1880	Unicorn-60093.exe
1684	Unicorn-46326.exe

Loads dropped DLL 64 IoCs

pid	Process
2720	999965672705e7033d1a546da660c480N.exe
2720	999965672705e7033d1a546da660c480N.exe
2796	Unicorn-32941.exe
2796	Unicorn-32941.exe
2720	999965672705e7033d1a546da660c480N.exe
2720	999965672705e7033d1a546da660c480N.exe
2172	Unicorn-45725.exe
2796	Unicorn-32941.exe
2172	Unicorn-45725.exe
2796	Unicorn-32941.exe
2700	Unicorn-49638.exe
2700	Unicorn-49638.exe
2720	999965672705e7033d1a546da660c480N.exe
2720	999965672705e7033d1a546da660c480N.exe
2624	Unicorn-61880.exe
2624	Unicorn-61880.exe
2172	Unicorn-45725.exe
2172	Unicorn-45725.exe
2148	Unicorn-13255.exe
2148	Unicorn-13255.exe
1264	Unicorn-6741.exe
2700	Unicorn-49638.exe
1264	Unicorn-6741.exe
2580	Unicorn-42014.exe
2700	Unicorn-49638.exe
2580	Unicorn-42014.exe
2796	Unicorn-32941.exe
2796	Unicorn-32941.exe
2720	999965672705e7033d1a546da660c480N.exe
2720	999965672705e7033d1a546da660c480N.exe
952	Unicorn-2124.exe
952	Unicorn-2124.exe
2624	Unicorn-61880.exe
2624	Unicorn-61880.exe
2040	Unicorn-1200.exe
2040	Unicorn-1200.exe
2172	Unicorn-45725.exe
2172	Unicorn-45725.exe
2368	Unicorn-44330.exe
2368	Unicorn-44330.exe
2148	Unicorn-13255.exe
2148	Unicorn-13255.exe
2700	Unicorn-49638.exe
2700	Unicorn-49638.exe
2908	Unicorn-50561.exe
2908	Unicorn-50561.exe
2796	Unicorn-32941.exe
2564	Unicorn-56691.exe
2796	Unicorn-32941.exe
2564	Unicorn-56691.exe
2580	Unicorn-42014.exe
2336	Unicorn-56691.exe
2580	Unicorn-42014.exe
2336	Unicorn-56691.exe
1264	Unicorn-6741.exe
1264	Unicorn-6741.exe
2272	Unicorn-25975.exe
2272	Unicorn-25975.exe
2720	999965672705e7033d1a546da660c480N.exe
2720	999965672705e7033d1a546da660c480N.exe
2256	Unicorn-35254.exe
2256	Unicorn-35254.exe
952	Unicorn-2124.exe
952	Unicorn-2124.exe

Program crash 17 IoCs

pid	pid_target	Process	procid_target
848	2436	WerFault.exe	113
2352	2592	WerFault.exe	104
3616	3948	WerFault.exe	289
3996	3844	WerFault.exe	278
3956	3748	WerFault.exe	274
3272	3888	WerFault.exe	285
3256	3872	WerFault.exe	283
3744	3784	WerFault.exe	273
3088	3852	WerFault.exe	280
3940	3836	WerFault.exe	279
3624	3932	WerFault.exe	288
3276	3780	WerFault.exe	275
3908	3880	WerFault.exe	284
3964	3856	WerFault.exe	281
3252	3864	WerFault.exe	282
3236	3760	WerFault.exe	276
3980	3816	WerFault.exe	277

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62393.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2720	999965672705e7033d1a546da660c480N.exe
2796	Unicorn-32941.exe
2700	Unicorn-49638.exe
2172	Unicorn-45725.exe
2624	Unicorn-61880.exe
2580	Unicorn-42014.exe
2148	Unicorn-13255.exe
1264	Unicorn-6741.exe
952	Unicorn-2124.exe
2040	Unicorn-1200.exe
2336	Unicorn-56691.exe
2628	Unicorn-36825.exe
2908	Unicorn-50561.exe
2368	Unicorn-44330.exe
2564	Unicorn-56691.exe
2272	Unicorn-25975.exe
2256	Unicorn-35254.exe
468	Unicorn-11797.exe
2468	Unicorn-35616.exe
1484	Unicorn-58082.exe
2300	Unicorn-39058.exe
980	Unicorn-34241.exe
2476	Unicorn-31640.exe
1408	Unicorn-37314.exe
1168	Unicorn-37579.exe
1524	Unicorn-56603.exe
1360	Unicorn-36737.exe
1856	Unicorn-40978.exe
912	Unicorn-36353.exe
572	Unicorn-7018.exe
2376	Unicorn-63734.exe
2344	Unicorn-32120.exe
1992	Unicorn-5102.exe
2524	Unicorn-61393.exe
1676	Unicorn-41527.exe
1572	Unicorn-60334.exe
2816	Unicorn-62903.exe
2944	Unicorn-18266.exe
2692	Unicorn-4307.exe
2232	Unicorn-43675.exe
1020	Unicorn-3596.exe
872	Unicorn-51956.exe
2588	Unicorn-5324.exe
2280	Unicorn-5324.exe
3044	Unicorn-1987.exe
564	Unicorn-51681.exe
1868	Unicorn-6009.exe
2392	Unicorn-1607.exe
2912	Unicorn-3305.exe
2200	Unicorn-37395.exe
1704	Unicorn-20099.exe
2752	Unicorn-6585.exe
1964	Unicorn-36465.exe
2448	Unicorn-7161.exe
2204	Unicorn-12527.exe
1952	Unicorn-26451.exe
2308	Unicorn-36838.exe
2984	Unicorn-56174.exe
1336	Unicorn-26451.exe
2004	Unicorn-45008.exe
236	Unicorn-45008.exe
1144	Unicorn-57104.exe
1880	Unicorn-60093.exe
976	Unicorn-54228.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2796	2720	999965672705e7033d1a546da660c480N.exe	30
PID 2720 wrote to memory of 2796	2720	999965672705e7033d1a546da660c480N.exe	30
PID 2720 wrote to memory of 2796	2720	999965672705e7033d1a546da660c480N.exe	30
PID 2720 wrote to memory of 2796	2720	999965672705e7033d1a546da660c480N.exe	30
PID 2796 wrote to memory of 2700	2796	Unicorn-32941.exe	31
PID 2796 wrote to memory of 2700	2796	Unicorn-32941.exe	31
PID 2796 wrote to memory of 2700	2796	Unicorn-32941.exe	31
PID 2796 wrote to memory of 2700	2796	Unicorn-32941.exe	31
PID 2720 wrote to memory of 2172	2720	999965672705e7033d1a546da660c480N.exe	32
PID 2720 wrote to memory of 2172	2720	999965672705e7033d1a546da660c480N.exe	32
PID 2720 wrote to memory of 2172	2720	999965672705e7033d1a546da660c480N.exe	32
PID 2720 wrote to memory of 2172	2720	999965672705e7033d1a546da660c480N.exe	32
PID 2172 wrote to memory of 2624	2172	Unicorn-45725.exe	33
PID 2172 wrote to memory of 2624	2172	Unicorn-45725.exe	33
PID 2172 wrote to memory of 2624	2172	Unicorn-45725.exe	33
PID 2172 wrote to memory of 2624	2172	Unicorn-45725.exe	33
PID 2796 wrote to memory of 2580	2796	Unicorn-32941.exe	34
PID 2796 wrote to memory of 2580	2796	Unicorn-32941.exe	34
PID 2796 wrote to memory of 2580	2796	Unicorn-32941.exe	34
PID 2796 wrote to memory of 2580	2796	Unicorn-32941.exe	34
PID 2700 wrote to memory of 2148	2700	Unicorn-49638.exe	35
PID 2700 wrote to memory of 2148	2700	Unicorn-49638.exe	35
PID 2700 wrote to memory of 2148	2700	Unicorn-49638.exe	35
PID 2700 wrote to memory of 2148	2700	Unicorn-49638.exe	35
PID 2720 wrote to memory of 1264	2720	999965672705e7033d1a546da660c480N.exe	36
PID 2720 wrote to memory of 1264	2720	999965672705e7033d1a546da660c480N.exe	36
PID 2720 wrote to memory of 1264	2720	999965672705e7033d1a546da660c480N.exe	36
PID 2720 wrote to memory of 1264	2720	999965672705e7033d1a546da660c480N.exe	36
PID 2624 wrote to memory of 952	2624	Unicorn-61880.exe	37
PID 2624 wrote to memory of 952	2624	Unicorn-61880.exe	37
PID 2624 wrote to memory of 952	2624	Unicorn-61880.exe	37
PID 2624 wrote to memory of 952	2624	Unicorn-61880.exe	37
PID 2172 wrote to memory of 2040	2172	Unicorn-45725.exe	38
PID 2172 wrote to memory of 2040	2172	Unicorn-45725.exe	38
PID 2172 wrote to memory of 2040	2172	Unicorn-45725.exe	38
PID 2172 wrote to memory of 2040	2172	Unicorn-45725.exe	38
PID 2148 wrote to memory of 2368	2148	Unicorn-13255.exe	39
PID 2148 wrote to memory of 2368	2148	Unicorn-13255.exe	39
PID 2148 wrote to memory of 2368	2148	Unicorn-13255.exe	39
PID 2148 wrote to memory of 2368	2148	Unicorn-13255.exe	39
PID 1264 wrote to memory of 2336	1264	Unicorn-6741.exe	40
PID 1264 wrote to memory of 2336	1264	Unicorn-6741.exe	40
PID 1264 wrote to memory of 2336	1264	Unicorn-6741.exe	40
PID 1264 wrote to memory of 2336	1264	Unicorn-6741.exe	40
PID 2700 wrote to memory of 2628	2700	Unicorn-49638.exe	41
PID 2700 wrote to memory of 2628	2700	Unicorn-49638.exe	41
PID 2700 wrote to memory of 2628	2700	Unicorn-49638.exe	41
PID 2700 wrote to memory of 2628	2700	Unicorn-49638.exe	41
PID 2580 wrote to memory of 2564	2580	Unicorn-42014.exe	42
PID 2580 wrote to memory of 2564	2580	Unicorn-42014.exe	42
PID 2580 wrote to memory of 2564	2580	Unicorn-42014.exe	42
PID 2580 wrote to memory of 2564	2580	Unicorn-42014.exe	42
PID 2796 wrote to memory of 2908	2796	Unicorn-32941.exe	43
PID 2796 wrote to memory of 2908	2796	Unicorn-32941.exe	43
PID 2796 wrote to memory of 2908	2796	Unicorn-32941.exe	43
PID 2796 wrote to memory of 2908	2796	Unicorn-32941.exe	43
PID 2720 wrote to memory of 2272	2720	999965672705e7033d1a546da660c480N.exe	44
PID 2720 wrote to memory of 2272	2720	999965672705e7033d1a546da660c480N.exe	44
PID 2720 wrote to memory of 2272	2720	999965672705e7033d1a546da660c480N.exe	44
PID 2720 wrote to memory of 2272	2720	999965672705e7033d1a546da660c480N.exe	44
PID 952 wrote to memory of 2256	952	Unicorn-2124.exe	45
PID 952 wrote to memory of 2256	952	Unicorn-2124.exe	45
PID 952 wrote to memory of 2256	952	Unicorn-2124.exe	45
PID 952 wrote to memory of 2256	952	Unicorn-2124.exe	45

C:\Users\Admin\AppData\Local\Temp\999965672705e7033d1a546da660c480N.exe
"C:\Users\Admin\AppData\Local\Temp\999965672705e7033d1a546da660c480N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        7⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 188
        8⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        7⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59329.exe
        6⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34241.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22980.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 188
        7⤵
        Program crash
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        5⤵
        
        PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42545.exe
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        6⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 188
        7⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20450.exe
        6⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        5⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38239.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:3856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 188
        6⤵
        Program crash
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
        5⤵
        
        PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
      4⤵
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      4⤵
      PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
      4⤵
      PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        6⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 188
        7⤵
        Program crash
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        6⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        6⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:3836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 188
        6⤵
        Program crash
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
        6⤵
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        6⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:3784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 188
        6⤵
        Program crash
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
      4⤵
      PID:2592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
        5⤵
        Program crash
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
        5⤵
        Executes dropped EXE
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65298.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      4⤵
      PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
      4⤵
      PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37314.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
      4⤵
      PID:3780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 188
        5⤵
        Program crash
        
        PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      4⤵
      PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51615.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      4⤵
      PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
    3⤵
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
    3⤵
    PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
    3⤵
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
    3⤵
    PID:6684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13757.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        8⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        7⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50354.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        6⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        6⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 188
        7⤵
        Program crash
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        5⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43235.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        5⤵
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        7⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 188
        7⤵
        Program crash
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        7⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        6⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        6⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 188
        7⤵
        Program crash
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43619.exe
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38345.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        5⤵
        
        PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      4⤵
      PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
      4⤵
      PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49345.exe
        6⤵
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        6⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        6⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:3872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 188
        6⤵
        Program crash
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        5⤵
        
        PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
      4⤵
      PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
      4⤵
      PID:3748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 188
        5⤵
        Program crash
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
      4⤵
      PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
    3⤵
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
    3⤵
    PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
    3⤵
    PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
    3⤵
    PID:6748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        6⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        5⤵
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        5⤵
        
        PID:3864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 188
        6⤵
        Program crash
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
      4⤵
      PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41162.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
      4⤵
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
      4⤵
      PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      4⤵
      PID:520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1607.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32496.exe
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
    3⤵
    PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
    3⤵
    PID:4788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
    3⤵
    PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    3⤵
    PID:6564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61894.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40585.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
      4⤵
      PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16317.exe
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
      4⤵
      PID:6344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
      4⤵
      PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
      4⤵
      PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
    3⤵
    PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
    3⤵
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
    3⤵
    PID:6324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
      4⤵
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
    3⤵
    PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
    3⤵
    PID:5204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
    3⤵
    PID:3816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 188
      4⤵
      Program crash
      PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
    3⤵
    PID:5548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
    3⤵
    PID:6796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
  2⤵
  PID:2436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 188
    3⤵
    - Program crash
    PID:848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
  2⤵
  PID:1012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
  2⤵
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59391.exe
  2⤵
  PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65423.exe
  2⤵
  PID:5460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
  2⤵
  PID:6672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11797.exe

Filesize
468KB

MD5
c14017421ea1a30c2705d50964e8abed

SHA1
9d840d8cc84cef6b7f91ed5902de298494c75f93

SHA256
54a6cc2dc33f4353887a4b1f2707eb56b50c28397c633a517502b7c5fdf1ba7f

SHA512
32a3521f3881cc7506011b328abdadf42b1786cef364106bf986a6d57d9a16b4a7eb15f57d2c84d96dfa8c1f71817d0fd19225dcd7cbfbe93b2202c1bc389ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13255.exe

Filesize
468KB

MD5
10f4640f599a4b26d8840aa699a4bb7a

SHA1
3528e7a14940ede75b8363dd3cc3e0958ea23dcc

SHA256
7ec53fa2073637fbe8eb42ff0a9c4295ff8143c2ac4e6d0527c800238d0298fa

SHA512
e64ec3b4e2977195b80d145d3a65510b39d1d9e2a22357f634f9a2c8f3e3309bcf23b1ce60335404db13a18e7ac91ec3f9aa588ec283d8a2c88a63ac97f20ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe

Filesize
468KB

MD5
47445301090b5fe32c4c0f0d50c2a1bd

SHA1
d1074bf7e2b126ab188978011e5e2f05a4183985

SHA256
8a008b5a800fbed3c6036f1d52db5731cc6923c45f8ddd6c7995105aa32bb1d4

SHA512
862995579edb98525c007723e2003de257a7ac6a347c4c8d76a73eb72085c70889c942f511b0b0a37184794bff849cbc8943a9306f56da6a97db92e5d2d3bc13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe

Filesize
468KB

MD5
528dc269780cda03376ec86e9539991c

SHA1
e300a322b0a19ea7210664aa3e92ac35527060dc

SHA256
98851252e110b74a5cac2481b54701a2e9041e536f34f2cd4300cdc975770289

SHA512
0847a5eb520a06bf4bd461232cd6dac2ff03680757d7ae03c39cd46594678bb88fdf6af7d958f6f1358f62c543ba7ec2d8a853e31920a4a066e05e9a2bfb1a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe

Filesize
468KB

MD5
d819dc932b9594a4977c328437d80744

SHA1
c7011a217242d0b4e0973544187d57e55e59affd

SHA256
bd6c9eebf66819d8505ffd7c16f90da513b006774ea780ce157f598db97aae72

SHA512
3e74ad304497fb5ada4eaea5a4d2dc1bb4a9ab685455ac41044f26b1a0c8f6acc7b7e41314b049ffcb64913e292a15e18b96da3a7f7490651176fe473d10f01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe

Filesize
468KB

MD5
9e8ea71cad35b0e2ce690c1a565228a9

SHA1
57f1229568d6ed2ca31cb7566d1ebfc11724ff99

SHA256
07014b621639f868a7c7c152550b7d4ff349349ed43ab7e34ac6b9db7e7588a7

SHA512
664bfc2a078662949ebbbdc5e7bf0d810ea30c2eda32d07f802f75211944d37199b36f7e9f7eb7d1519f69f26ff6f9850cd3150ddc7fee34bf2b8d8cc87dc28b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe

Filesize
468KB

MD5
b5dd0a8d77f17ad5239ba374f596ceee

SHA1
c2222ea36a9cf3c07aa66ad45db0b9e7fe291090

SHA256
c8a32f42aa28278ed92f7f176c4438885e6d14a5691c3b594610f0e886e721d6

SHA512
38c51af09a363fe5beff9f4f90b3522344025a1568ef9351b6a60a70a393c6dbed588385d98b7f26d03d14193a8a90dc97b9e5c05a64cd63ed67c43f3cd7921d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe

Filesize
468KB

MD5
05816ba62deb59a4ee46c78396c36e2a

SHA1
e0a99ff927e5630a5581bc9b949a44441d599a1d

SHA256
42e3378a40b16b274530f9303537c554f0180b9fa22e39b78460d94261851f28

SHA512
7d42ab1ae3ec6bce2869448b5bb261fba99b00c56d67132329d1a6928f520e85d057e7ca92f1bea015cc003ef02c744cb56ec27b0ab3a06f10e57bc3e577a046

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1200.exe

Filesize
468KB

MD5
3ea8e5f0e7f51d98f9519d31a5708f43

SHA1
2d0abeb67cb4c196acb753ba24ecd388806f7202

SHA256
f86e9fe001ff7e74ab86dc65c2ec018606e6696f8ddf2ccb7250c47633c000b7

SHA512
30eaef2a153b6c6e48036b920250beab6fd53942d16ee70c4fae30bea47e39c143461d7ccf416ed2605a3c204c8eefd5781ec4d67ec80276a63c954eaf997996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe

Filesize
468KB

MD5
678d247164c77162128b91336d21c466

SHA1
254690853a05d9b768d3457e4e78b68df0cba7a9

SHA256
8735ffaf9bc1fb86b3f2dacdef8f2636334afe975bc3eeb908254294281a84dd

SHA512
d4ddf78a3b349452db9f819565c28b03b75048a6ff8e79e1ffbe2bb35e38109e28b239a4c22a104f30216bb396f0bd92be0cefcd21697dd33fb1928eeed0f576

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe

Filesize
468KB

MD5
e34f3683c170ad7174b012e00281f867

SHA1
768e5943f9271e9d6371b11581a998af9c4be71f

SHA256
631c1cf82581d407f82ccb5432d7b2edf3af45a505cf0b896390dc8462985c07

SHA512
52bceba095dd7e49ce463bdcbdda6f899c43544ca276fb22c81323fe660f6204d99777885065f66a6451bcf752ef1b20dffb7ade475748cec909c46ad383da35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe

Filesize
468KB

MD5
b2055eb800a38229576c833a32802d1b

SHA1
8ca69222cc0a67b2d5e74d1e4689c7fad9a06c1b

SHA256
4ed0c051cc43769fc767deae002d7a69fe78225fc510d614d91a06f2992da2bf

SHA512
833ddd971f970d11d75badadc7b7881ca5e061158af12fdb8f368ffe2996410a81a04a2860b2ed303b0a49df1ba1fa90707e10d69d14b9a94ad516c31d4bf7fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe

Filesize
468KB

MD5
9455042ccb415400a55704318c29c10f

SHA1
a98d884709be2e091a8fcc20fd35297265e2e9e5

SHA256
92e2d7104cdaee6ca4bc16055fffbf41b314b703dee4a95eac8e42b80ba3e64e

SHA512
77d6999c023749fd1e2a862c0ff1d977dc1aac76738d3cbb889b6345ce210d8e1628e62dab2fd8faa31af044f0d2590552c4888eb84acf2f18f322311cb1f81c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe

Filesize
468KB

MD5
4d60d5c2581ed504c9ff1d527b31189c

SHA1
4458a7b3f4f6c0d317dc60e6b3dba2ec28486105

SHA256
07ec02792b77b8a2ac90c174d4e8ace9a1454cecae7815c7683497c3cb78edee

SHA512
b1b8cbe34b4afda12d34475f41c4f562e0938721bfca3d281321e22bc9c44b1bcc8ca5d3253c8bfd5e829c69e5bc01f691e187ccd0f60c416c87c8f9da6f55fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe

Filesize
468KB

MD5
75465587056c02afd1a48e26550d120b

SHA1
799fb3ad90a01ecac89539264c366e3fabfbc77f

SHA256
6d8709e42fd937765f357ae53442eafb6c57a575b88b0fc33e82ef4d64b8245b

SHA512
d43fc078be7fb560c8f811869a58315ff09e577e05d6d9e68cba44fbe49ad3be19ad60b3ad10bb34c525e89303ee197985cf7768e4c04c0f53e7aee71bdd72fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe

Filesize
468KB

MD5
7def7f553594419410881882a4b699c1

SHA1
65e8b7e39293017dd16288456c3b35b7154ec628

SHA256
53bafc299900da1d800f3b9dd4bb947a67eef0a7b32fb25923f238c363b6f365

SHA512
e9d44e3ac7e1d623d53f8756822bec886d0f05da1ac7c4961258541c767f182489839e0e2eb810f7428e3f013591ebb2e8018ad9f78e352221d457d72c4d7510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe

Filesize
468KB

MD5
0e4f0911f4e024615212dc3d16c1426f

SHA1
e655fa36cee7fa39d15672c64db12a1785fadebe

SHA256
e3eaef3136e8602fbd3647a85b4f78dc362190537beaae414db65993f9fd624e

SHA512
401db5f99eaed577aea6b90aef06eec0129dbe58c0b0ffc9fc1f5834be78e7f5c29f5ba1fe99c63fd27bdadb3fc960daa55a8605faa7f63ffbff49a4205608b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49638.exe

Filesize
468KB

MD5
918ca6303f032308e3d7ae5403da6792

SHA1
47d0b8fe03efa97153efbd6c29bf84c66c44722d

SHA256
8646e494f2aa0330151ea8c0bc4b1efa88cd034c22e8babe2f3daeebc653d77d

SHA512
99da944b7ee131e60b02dc4fd3ab4dad273df1e7e8b13476ffb2b1596fab972f32212724a1967a25cb30e8d69368362c54b5c7179f032d8e8f724ae4e9c5a4cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe

Filesize
468KB

MD5
213fce9c12bf1d9ec64447da2822bc7e

SHA1
d690b97d4ad8ee36ac29b814925b140039dd5977

SHA256
ad0bcede6e7d77048ccc1d7545698f4050bb13bd15f7d4834ef8f5722cb5b587

SHA512
b428f83fda21f32f4f61ee13e4ba0902aaf222700c505ac2ae721248528123075c2f4aa10b1a091ced5cadf43244e177bea798a90faa1a3b247ae6ed395bf9b3

Download Submit