f3077ace065ba99238324b4dce2457889438eb03e1e63b7f15ca18b499d22e92

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bfd7579837bb6b3f0909189cbb95260N.exe
Size

192KB
MD5

3bfd7579837bb6b3f0909189cbb95260
SHA1

42823de9fcd69fc13212ae40acf02d4630c60f20
SHA256

f3077ace065ba99238324b4dce2457889438eb03e1e63b7f15ca18b499d22e92
SHA512

946a3aee5698a765e07b3c5da491a8d933f21727af1da835c39b5fcb29773f96943b418533d99d4f373a364202d5d0448229cf44c94f8e019f5b6e636d16d17b
SSDEEP

3072:7QXooXqrkJid1YX2dfG1h8zzQmy6GajDtjXxsdE1kNwivxFK:7QYo9Md1Hd+1h8j/o7NwivxF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2776	Unicorn-52143.exe
2680	Unicorn-28874.exe
2712	Unicorn-61909.exe
2600	Unicorn-34938.exe
2624	Unicorn-60189.exe
2996	Unicorn-6349.exe
2584	Unicorn-63007.exe
1952	Unicorn-54455.exe
1872	Unicorn-26421.exe
708	Unicorn-50371.exe
968	Unicorn-14169.exe
1928	Unicorn-9696.exe
1828	Unicorn-30863.exe
2052	Unicorn-19209.exe
2928	Unicorn-31461.exe
2764	Unicorn-56712.exe
2232	Unicorn-11040.exe
1972	Unicorn-60241.exe
1140	Unicorn-15871.exe
1540	Unicorn-4865.exe
1976	Unicorn-30116.exe
644	Unicorn-38882.exe
2300	Unicorn-59494.exe
1456	Unicorn-63941.exe
1756	Unicorn-59302.exe
2448	Unicorn-35352.exe
1944	Unicorn-42966.exe
1948	Unicorn-30330.exe
2344	Unicorn-1741.exe
1860	Unicorn-47413.exe
2800	Unicorn-43328.exe
2792	Unicorn-63194.exe
2568	Unicorn-70.exe
2564	Unicorn-22389.exe
1640	Unicorn-34087.exe
1716	Unicorn-9582.exe
2640	Unicorn-47086.exe
3008	Unicorn-50231.exe
2608	Unicorn-26281.exe
1520	Unicorn-29811.exe
1488	Unicorn-41871.exe
1288	Unicorn-1585.exe
1072	Unicorn-58399.exe
1760	Unicorn-25343.exe
1984	Unicorn-21259.exe
112	Unicorn-52815.exe
2932	Unicorn-52260.exe
1120	Unicorn-52260.exe
2364	Unicorn-65259.exe
2236	Unicorn-15503.exe
2164	Unicorn-64320.exe
1312	Unicorn-11782.exe
1084	Unicorn-65067.exe
1644	Unicorn-57844.exe
1240	Unicorn-59084.exe
1712	Unicorn-50361.exe
2320	Unicorn-24788.exe
2020	Unicorn-42555.exe
2248	Unicorn-42001.exe
2380	Unicorn-14564.exe
3060	Unicorn-34985.exe
2812	Unicorn-34985.exe
2656	Unicorn-19011.exe
2760	Unicorn-30709.exe

Loads dropped DLL 64 IoCs

pid	Process
1876	3bfd7579837bb6b3f0909189cbb95260N.exe
1876	3bfd7579837bb6b3f0909189cbb95260N.exe
2776	Unicorn-52143.exe
2776	Unicorn-52143.exe
1876	3bfd7579837bb6b3f0909189cbb95260N.exe
1876	3bfd7579837bb6b3f0909189cbb95260N.exe
2680	Unicorn-28874.exe
2680	Unicorn-28874.exe
2776	Unicorn-52143.exe
2776	Unicorn-52143.exe
2712	Unicorn-61909.exe
2712	Unicorn-61909.exe
2624	Unicorn-60189.exe
2624	Unicorn-60189.exe
2600	Unicorn-34938.exe
2600	Unicorn-34938.exe
2680	Unicorn-28874.exe
2680	Unicorn-28874.exe
2996	Unicorn-6349.exe
2996	Unicorn-6349.exe
2712	Unicorn-61909.exe
2712	Unicorn-61909.exe
2584	Unicorn-63007.exe
2584	Unicorn-63007.exe
2624	Unicorn-60189.exe
2624	Unicorn-60189.exe
708	Unicorn-50371.exe
708	Unicorn-50371.exe
1872	Unicorn-26421.exe
1872	Unicorn-26421.exe
2996	Unicorn-6349.exe
2996	Unicorn-6349.exe
968	Unicorn-14169.exe
968	Unicorn-14169.exe
1952	Unicorn-54455.exe
1952	Unicorn-54455.exe
2600	Unicorn-34938.exe
2600	Unicorn-34938.exe
1928	Unicorn-9696.exe
1928	Unicorn-9696.exe
2584	Unicorn-63007.exe
2584	Unicorn-63007.exe
1828	Unicorn-30863.exe
1828	Unicorn-30863.exe
2052	Unicorn-19209.exe
2052	Unicorn-19209.exe
1872	Unicorn-26421.exe
1872	Unicorn-26421.exe
1972	Unicorn-60241.exe
1972	Unicorn-60241.exe
1952	Unicorn-54455.exe
1952	Unicorn-54455.exe
1140	Unicorn-15871.exe
1140	Unicorn-15871.exe
2232	Unicorn-11040.exe
2232	Unicorn-11040.exe
2928	Unicorn-31461.exe
968	Unicorn-14169.exe
2928	Unicorn-31461.exe
968	Unicorn-14169.exe
708	Unicorn-50371.exe
2764	Unicorn-56712.exe
708	Unicorn-50371.exe
2764	Unicorn-56712.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
112	308	WerFault.exe	147
1308	1624	WerFault.exe	165
1840	828	WerFault.exe	260
2720	2936	WerFault.exe	271
2332	2348	WerFault.exe	331
1748	1648	WerFault.exe	286
1664	2516	WerFault.exe	288
1084	1644	WerFault.exe	287
2356	1948	WerFault.exe	380
1520	600	WerFault.exe	325
2228	2528	WerFault.exe	363
2160	2756	WerFault.exe	434

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7718.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1876	3bfd7579837bb6b3f0909189cbb95260N.exe
2776	Unicorn-52143.exe
2680	Unicorn-28874.exe
2712	Unicorn-61909.exe
2600	Unicorn-34938.exe
2624	Unicorn-60189.exe
2996	Unicorn-6349.exe
2584	Unicorn-63007.exe
1872	Unicorn-26421.exe
708	Unicorn-50371.exe
1952	Unicorn-54455.exe
968	Unicorn-14169.exe
1928	Unicorn-9696.exe
1828	Unicorn-30863.exe
2052	Unicorn-19209.exe
1972	Unicorn-60241.exe
2232	Unicorn-11040.exe
2764	Unicorn-56712.exe
2928	Unicorn-31461.exe
1140	Unicorn-15871.exe
1540	Unicorn-4865.exe
1976	Unicorn-30116.exe
644	Unicorn-38882.exe
2300	Unicorn-59494.exe
1456	Unicorn-63941.exe
1756	Unicorn-59302.exe
2448	Unicorn-35352.exe
1944	Unicorn-42966.exe
1948	Unicorn-30330.exe
2344	Unicorn-1741.exe
1860	Unicorn-47413.exe
2792	Unicorn-63194.exe
2800	Unicorn-43328.exe
2568	Unicorn-70.exe
2564	Unicorn-22389.exe
1640	Unicorn-34087.exe
1716	Unicorn-9582.exe
2640	Unicorn-47086.exe
3008	Unicorn-50231.exe
2608	Unicorn-26281.exe
1520	Unicorn-29811.exe
1488	Unicorn-41871.exe
1288	Unicorn-1585.exe
1072	Unicorn-58399.exe
1760	Unicorn-25343.exe
1984	Unicorn-21259.exe
112	Unicorn-52815.exe
2932	Unicorn-52260.exe
1120	Unicorn-52260.exe
2364	Unicorn-65259.exe
2236	Unicorn-15503.exe
2164	Unicorn-64320.exe
1312	Unicorn-11782.exe
1084	Unicorn-65067.exe
1644	Unicorn-57844.exe
1240	Unicorn-59084.exe
1712	Unicorn-50361.exe
2320	Unicorn-24788.exe
2020	Unicorn-42555.exe
2248	Unicorn-42001.exe
2380	Unicorn-14564.exe
3060	Unicorn-34985.exe
2812	Unicorn-34985.exe
2760	Unicorn-30709.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2776	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	30
PID 1876 wrote to memory of 2776	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	30
PID 1876 wrote to memory of 2776	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	30
PID 1876 wrote to memory of 2776	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	30
PID 2776 wrote to memory of 2680	2776	Unicorn-52143.exe	31
PID 2776 wrote to memory of 2680	2776	Unicorn-52143.exe	31
PID 2776 wrote to memory of 2680	2776	Unicorn-52143.exe	31
PID 2776 wrote to memory of 2680	2776	Unicorn-52143.exe	31
PID 1876 wrote to memory of 2712	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	32
PID 1876 wrote to memory of 2712	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	32
PID 1876 wrote to memory of 2712	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	32
PID 1876 wrote to memory of 2712	1876	3bfd7579837bb6b3f0909189cbb95260N.exe	32
PID 2680 wrote to memory of 2600	2680	Unicorn-28874.exe	33
PID 2680 wrote to memory of 2600	2680	Unicorn-28874.exe	33
PID 2680 wrote to memory of 2600	2680	Unicorn-28874.exe	33
PID 2680 wrote to memory of 2600	2680	Unicorn-28874.exe	33
PID 2776 wrote to memory of 2624	2776	Unicorn-52143.exe	34
PID 2776 wrote to memory of 2624	2776	Unicorn-52143.exe	34
PID 2776 wrote to memory of 2624	2776	Unicorn-52143.exe	34
PID 2776 wrote to memory of 2624	2776	Unicorn-52143.exe	34
PID 2712 wrote to memory of 2996	2712	Unicorn-61909.exe	35
PID 2712 wrote to memory of 2996	2712	Unicorn-61909.exe	35
PID 2712 wrote to memory of 2996	2712	Unicorn-61909.exe	35
PID 2712 wrote to memory of 2996	2712	Unicorn-61909.exe	35
PID 2624 wrote to memory of 2584	2624	Unicorn-60189.exe	36
PID 2624 wrote to memory of 2584	2624	Unicorn-60189.exe	36
PID 2624 wrote to memory of 2584	2624	Unicorn-60189.exe	36
PID 2624 wrote to memory of 2584	2624	Unicorn-60189.exe	36
PID 2600 wrote to memory of 1952	2600	Unicorn-34938.exe	37
PID 2600 wrote to memory of 1952	2600	Unicorn-34938.exe	37
PID 2600 wrote to memory of 1952	2600	Unicorn-34938.exe	37
PID 2600 wrote to memory of 1952	2600	Unicorn-34938.exe	37
PID 2680 wrote to memory of 1872	2680	Unicorn-28874.exe	38
PID 2680 wrote to memory of 1872	2680	Unicorn-28874.exe	38
PID 2680 wrote to memory of 1872	2680	Unicorn-28874.exe	38
PID 2680 wrote to memory of 1872	2680	Unicorn-28874.exe	38
PID 2996 wrote to memory of 708	2996	Unicorn-6349.exe	39
PID 2996 wrote to memory of 708	2996	Unicorn-6349.exe	39
PID 2996 wrote to memory of 708	2996	Unicorn-6349.exe	39
PID 2996 wrote to memory of 708	2996	Unicorn-6349.exe	39
PID 2712 wrote to memory of 968	2712	Unicorn-61909.exe	40
PID 2712 wrote to memory of 968	2712	Unicorn-61909.exe	40
PID 2712 wrote to memory of 968	2712	Unicorn-61909.exe	40
PID 2712 wrote to memory of 968	2712	Unicorn-61909.exe	40
PID 2584 wrote to memory of 1928	2584	Unicorn-63007.exe	41
PID 2584 wrote to memory of 1928	2584	Unicorn-63007.exe	41
PID 2584 wrote to memory of 1928	2584	Unicorn-63007.exe	41
PID 2584 wrote to memory of 1928	2584	Unicorn-63007.exe	41
PID 2624 wrote to memory of 1828	2624	Unicorn-60189.exe	42
PID 2624 wrote to memory of 1828	2624	Unicorn-60189.exe	42
PID 2624 wrote to memory of 1828	2624	Unicorn-60189.exe	42
PID 2624 wrote to memory of 1828	2624	Unicorn-60189.exe	42
PID 708 wrote to memory of 2928	708	Unicorn-50371.exe	43
PID 708 wrote to memory of 2928	708	Unicorn-50371.exe	43
PID 708 wrote to memory of 2928	708	Unicorn-50371.exe	43
PID 708 wrote to memory of 2928	708	Unicorn-50371.exe	43
PID 1872 wrote to memory of 2052	1872	Unicorn-26421.exe	44
PID 1872 wrote to memory of 2052	1872	Unicorn-26421.exe	44
PID 1872 wrote to memory of 2052	1872	Unicorn-26421.exe	44
PID 1872 wrote to memory of 2052	1872	Unicorn-26421.exe	44
PID 2996 wrote to memory of 2764	2996	Unicorn-6349.exe	45
PID 2996 wrote to memory of 2764	2996	Unicorn-6349.exe	45
PID 2996 wrote to memory of 2764	2996	Unicorn-6349.exe	45
PID 2996 wrote to memory of 2764	2996	Unicorn-6349.exe	45

C:\Users\Admin\AppData\Local\Temp\3bfd7579837bb6b3f0909189cbb95260N.exe
"C:\Users\Admin\AppData\Local\Temp\3bfd7579837bb6b3f0909189cbb95260N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10463.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        15⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        16⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        11⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        12⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        14⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        15⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        16⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        17⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58399.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        10⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        16⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29841.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        9⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        8⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        15⤵
        
        PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        12⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        15⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        16⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 376
        14⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        9⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        10⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31280.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        12⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        13⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        16⤵
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        12⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        13⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        15⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        16⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        17⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        14⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        15⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        16⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8322.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        14⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        16⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        10⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        14⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        13⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        14⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        15⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        11⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        13⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        14⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        15⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        11⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        12⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        14⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42903.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-70.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        10⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        12⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        13⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe
        14⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        15⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        17⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        12⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        13⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        15⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2307.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        11⤵
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        12⤵
        Program crash
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        12⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        14⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        15⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 224
        16⤵
        Program crash
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        14⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        15⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        10⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        13⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        14⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 376
        13⤵
        Program crash
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 384
        12⤵
        Program crash
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        11⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        13⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        14⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        15⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
        16⤵
        Program crash
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        10⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        15⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        14⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        7⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        12⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31938.exe
        14⤵
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38882.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
        8⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        14⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        15⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        16⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        12⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        13⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        15⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
        13⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        14⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        13⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        14⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        7⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45430.exe
        13⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        10⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        14⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        14⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        11⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        12⤵
        Program crash
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        13⤵
        
        PID:1368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30709.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        13⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        14⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
        16⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        14⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        15⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
        11⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        13⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        14⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        15⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        9⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        10⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        13⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        15⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
        16⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        12⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        13⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        13⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        14⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        6⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        11⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        12⤵
        Program crash
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29821.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        14⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22017.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        15⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        8⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        11⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        13⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 380
        12⤵
        Program crash
        
        PID:1520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 376
        11⤵
        Program crash
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        10⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        13⤵
        
        PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        14⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        6⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59733.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        8⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        10⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        11⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        12⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        14⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        13⤵
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        8⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        14⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        7⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        Program crash
        
        PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        7⤵
        
        PID:308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 200
        8⤵
        Program crash
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        7⤵
        
        PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe

Filesize
192KB

MD5
fb065d2a22c07a28410b265b56200fb8

SHA1
e053a26368f8d0661ecb9ff5a89e67d7ac224e04

SHA256
79bef7af5f45e605046dd5f2e4294730e6b376b78d571a4f83561c0692f01de0

SHA512
18a250222adfb92ab9355b2ef48e4c874c1c80e064cef742c548d0f6941efc3f0f71732a771b6d87e21bb13ef589392fa57887b89fdb363cbb9dce585ce0756b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe

Filesize
192KB

MD5
b4247c5e1ac6f0443013e1ad3401d588

SHA1
496ee9779d345f2f23ec2f91d70accbc37b363ec

SHA256
f3d5996c4edcdedfb5a23f29a4265316ac73d364910462ec743d3f91ad3edf0f

SHA512
c363fd4a932a076a4cc989bc279b72c44f0a890ada1354628857867ea980c914376b0606dcc39957454d4dc783b12cddc01437498f1ac35997a9058939f614b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe

Filesize
192KB

MD5
8dcce64a4b06709a467468bd060f0a0b

SHA1
5f7be0b1de782e22b4ce93214132e064cdba4831

SHA256
4f3e4ffa54d9d18a7260c08a15af3fdacae47253ee79f47766bcdbc94f5be33a

SHA512
6737f4e2a63bc0bd6d0e66d7e0916023655aa225bcb7964eed2ceca7ebe3b63fd764a630c56c92440bf761ca241da54080d415dc2df97e1861e1b2d7657b5990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe

Filesize
192KB

MD5
cade03246e557e37e9f3ea1e0aa89da8

SHA1
736c782c0a046b8c7c70166bd7c937799db7f867

SHA256
87a529afe6310dbe84f9935be801cd93059f2a4350a017040115ccb319e7ffa7

SHA512
6c16fa569640f71eca6e29978fa2319b5f350a69ef0aa471380e30470345a07f27309a48efcf79ee00fc10b8505d5547c1c45b2ad2b1aeef84b73c9445ee8f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40047.exe

Filesize
192KB

MD5
7b7d9b21c80a16bbca5b37f11ee4d056

SHA1
5a99cb65d21b72d301127d5a1da9e2261515622c

SHA256
8e9cc6bbd6192827ab68a135976f1cc03c2ad4cdcaf7bb3cfbc6ce588a53af93

SHA512
53fc6ef0d29003ae529f7322bda6369d117c6d62d25901e8849b6a94414fec61af06ed54882918161063b65313dbd98b5633b31d27163201596e73c787ae70db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40365.exe

Filesize
192KB

MD5
afd911cdbdf2e8a1804fbd1df77d98df

SHA1
9754ab5fbdd01a9b4177c7214329d5f3251ef676

SHA256
abf199643f1d8c0d67469b5e468a50ba0fb195f6c2de6596e7e79a0012379b81

SHA512
8b057674dfd1f5f482ec58d0d5a19952dc7e4aef1ec3f53ae258d81d8f27bb574c900b51277b472e2c48511654dc9ea5bd832b5f9ec297ab8ded4a25936e5102

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe

Filesize
192KB

MD5
cec50c620173ba22fcdcbc6abfdf7489

SHA1
676176d6edeb68cd7010615ab5d3c1d1ea1d5d08

SHA256
4fff11095a694b7dec971c037838a2c9ad3e0faca54c097c59e39eecf8e73b8f

SHA512
b107a48280df016901dcb6b1cc48b3c900f484a37e17ecc48257fc6338c3ccc5130eab16f8b788816a6eb56d65547b316487b1c64e5b2be1f2325ff59f852666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe

Filesize
192KB

MD5
a4eaaef6b565078dc8d77537ddbdb9bc

SHA1
e1897a9d312abea20740a6a1b7dd5416090baa3e

SHA256
129c37a1b8aadbf87859183d0bfc2b0457db9e896c52606e13e3a44b84b8f96d

SHA512
8391ba5662a0cf7b44d4f5bb0d832d7d85155ce40f7e18494ed25d5a2be9756c2ed43aa36ba0b204d5edd3da27a400b2f9e0761acc6183493a19291283429a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe

Filesize
192KB

MD5
9abc9c8c4cfb6050e4074376e9f7137d

SHA1
3183af308dd6c59190a22fd28ff7954207a9d9f5

SHA256
ea8f5fe86300870c3853805f5e57a5ceb2f55ff85e929a6b383a734be1328e95

SHA512
6c1fd83d0d75f987350a0ecb3154b9b437fafaac9e2de5559c2137c18b838ae57c0724ac05f536525975bd0baec43275b5baf4a15afb9e5a18ef53efa2740c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe

Filesize
192KB

MD5
711243872f3e54a4f06079132b440f03

SHA1
bdeb8f0929622d8b67548c861f86265208ecdd49

SHA256
5805b25ece8dccd7eb3b79d985ac28a39721f5f121694b48de7e885c5be4e26c

SHA512
30a32e10f67777687e9ff29183869779a45ded664e90a42c1e2109637900e8688f45b36679c0f6db81038caddd309aa42e3d5bc3aac71df6ae35e5b544d38b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe

Filesize
192KB

MD5
f3d7cd7885ca469e89c8207636c65247

SHA1
634832f02187844a81075c8e9d903e4c032e4f5f

SHA256
9c6da687042d914b9f51f8c20875f5bc8e83b052024c42489d6842123c7aeac1

SHA512
d99b51de4fe38367fe4261eb52ad35c29624a58723ed3d54530cfce87c4fd67e972a4506410a9b57050a0016308c254f6c996e589b83a34b456f14700790242c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe

Filesize
192KB

MD5
788291d98d250806d22d826a725ce0f7

SHA1
c495ccde42be618601b7a534f78483c0f5735472

SHA256
00bb2d351f70bd0cf32c56bf2912f1bbf0487b0f6956c332265d82ae2d8cdad7

SHA512
0d7752df3a9b9ef9f3115a1c839a06e30ecec01fc80588a0eaf5c7b51066f2ed52ebbfb2e991b71287a24731650df83e9255d0233c3f482024b43b75db6d0718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6379.exe

Filesize
192KB

MD5
6ae40841a5c358b49dafbed1a29cbe4c

SHA1
7603ccb7ad1c89f0990839006cae66f1d0966df3

SHA256
49790528e8708152bec2911d017ba35daf2b246ee6802808e323e14f8308a92c

SHA512
3ecb47678a6df7c51ed1f2cb23ff552d5ef1ab6b14400febf70869c32605aeedbe58d92ef234e0a81d7dd46fb0557120e962dd46ad3161a0f773e190784f4f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6640.exe

Filesize
192KB

MD5
dc050a611c8c5052a09abdf1bb34688c

SHA1
78541c2e2f327caa25d90a831c3126184f783e02

SHA256
ee8ee5dcbf97660bcf51a21dee092ed465e039c3c33600bcb2d420160b5252d6

SHA512
a9b535e6ecd3abea28bd3114170063aed527c4dd0618ddd240f7bb04daf5c0189a75c49d21eeb430ad94058c4c81151697f3c5695cd2b25b484f76bb79750d6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe

Filesize
192KB

MD5
18e843ec53e890b3955557a87c674e0b

SHA1
2d2f092900a7be4efdc6ee8ba6c49949a47489d1

SHA256
679a347c8f8fc1a99a17e86cb1dffa6d9ebcbb1041311c560f74c3804a978807

SHA512
a674d7991b927e3c0af08ab26a78f8adfcaed23f6450fbf34d8a3c1b16ee9e0a93aa71d0360f8976b8fa585cd6981e38dc52e09fc2db931618691ab0e769af9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19209.exe

Filesize
192KB

MD5
e328ff58de2dc420fe80660d1af9abc2

SHA1
e39858c6c9f5e4c51e1f7c981a493151b02cda58

SHA256
7948fb0e09551da8489a7604d79cba3ae1a47561c72c60300bcb3d26425b0160

SHA512
243b4d0af64b97c2801f798db9f3bb2c79bb7a8ad2cbfa6ea7c97556d3c4be016e296e7f2d33ca9de2f7ab37b8715888e57c17f52f2cb595f666460e75d812ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe

Filesize
192KB

MD5
8b76a8573af46d8c94dfbeccdd5cf0a7

SHA1
09561a841d50beb9260005e0692a1622d6f43e7a

SHA256
c58ff47978d54e300aef195b9a41279f0f13750eff7deb2a1b5c609ebb9c21db

SHA512
3335c4eb65cc574bc0a8db9d03d5d4b96eff88dce557e4bd611abd0f7500d0162cbed935f05c81dfc40818edc3b879e87c7d1ae264dcfbe6dce47c6aa4df18d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe

Filesize
192KB

MD5
7d755556192ba8814edf24c39b3c329b

SHA1
ce241a4cd29ca5737b96cbdd9f10a2588ce59855

SHA256
f42a4a873b3ff4ea2c88aad2bf114c9834ad58ea5443bd3aaf7312165aee72e8

SHA512
f8039c8f3d4281a7b51200b5d9d7f5a9a9175400da7b03efc0add587458317cfdd74e71a0702cd384f500349d55ebe95e8da280e24219257f20fd1f6253f19d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe

Filesize
192KB

MD5
58bd2b8088be3bc337171d998d8d05b5

SHA1
f6e077103eef8180e1c4a4ba69458d6609cc0d45

SHA256
de45f15d663953db5ad17add3e5c1abd2b2341e9f6cf43b1f6ab541e54e4e631

SHA512
3012d73921533877d7ba7ea2c568adde1a4ffc9475d69aee2c4c87f8b90e591c0914b6c404f7afd7f365b6ef909dd23ac8c5027d1edeb2a7a9fddb6be1f9be75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe

Filesize
192KB

MD5
5edbc08d3cc0be2818e963c6d381d83a

SHA1
c4632783cd81b32a05e4162a13b7639b3731cbe5

SHA256
73706dcbd061f7bb23053d1e09cd0c1a28e86f7dd73361c5bad07f50e0f4f341

SHA512
d1eafb63c6a945aad301779657a98010c9e78a82669c8eb2d618259ba171ee7b30a2c468c43a8cd15bfb87799d0dec61d5166c10fdd70e4a67c348313a7b9d17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe

Filesize
192KB

MD5
149d7bdf3a198bf41281b2a2ce08fba9

SHA1
a7169ec164350bbd4d2f0f74664649ef08b736b8

SHA256
2eaf3e9d544891d6597d7e660a71050ab9210ecd452f94ab59751d3f5554a43a

SHA512
f1af4bbb0b1cc8b15207881aec6fc851a142bac6e7ae42af23ab617164a7f9b306340ce77a978ea0cf7e3c7e5e985e739b0a4bbac645cb08811d097708dc3495

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe

Filesize
192KB

MD5
9650bb9abd59e8c3e4ec6e7899aa3bf5

SHA1
0d9d617f88af2af36790c5422343b5c680bbad99

SHA256
30bab3c3122eea848236ffbc11b6f7d4df1efa232e74b123fd415487d7679433

SHA512
f11e913ff4db9ba2d469ee6e45b83a83f3f50d0d1625efbb250fb116bf588c5f84713418662b7d2e5f6f2f723aed9c1726d125d2a5563dc4b88e4fbf9adb60a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe

Filesize
192KB

MD5
81b2bc1c74cebf4f9a65a45f2b3eabee

SHA1
b0444b14bbbff166045e39a1a824c820a3828b6f

SHA256
d66b87bedd71c3ec8f0336d6fb32d2a77293c00df34cf65c8123494135553406

SHA512
c3408f9b792d0bbd9aca658db7670974a9ae97c7c17161618e31f2a6ec9423bae7eb64850e693d6c6ddf050e70a4f2f587fcb79205101bc56408ab75b0e0aeff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe

Filesize
192KB

MD5
9a1be2c7371f497c9583b73b81e2f774

SHA1
29f5936a653868a5b4eb505ffbc86c433d1ab540

SHA256
49e44194e047bbe23518f16d4ed39598dcf1f9ebe310d385212ca75e439836d0

SHA512
6da660fc9ccf775490a3bd72debd3b9b8d810d57466d219ac228531cd7a28915e461a275dd3c95857ead9bf5994111af143d81d42350d504186ffc3e3eaae2ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe

Filesize
192KB

MD5
8d411d97baee577d079e2bbcca86c0a0

SHA1
29d67987fcb5c227eaacf8846ef982e36db94b27

SHA256
72b5d40230090917012f7c33b00e62f83ff20bc9c3fd5efd2fcd94369259e99b

SHA512
87aaa04ece2cf47e0ed8c207a34cc5ba38cc789e201d7e3747fbe74ee63fb64642c6e4fc2b1e9e7d058aa9572daf2469e029cd3e4885cdd0a90167cd0f4123f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe

Filesize
192KB

MD5
65a20362b9ff728638c8f9564feac636

SHA1
a57d752a51119137994c4cf102444b98952002b2

SHA256
a5d7cce87ac15c25f5df1299e3f7e3f28bc89897b69250286af1e96585bc6c2d

SHA512
942922fdf562374bd0daee8b2535219fdde90f277a6617510a674cda4fcc8c082249b95e4497129633ab297f616b7ce7663b8631c0895f60f8ca7081d1614b82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe

Filesize
192KB

MD5
93621ee3bb99bbd4539d5b739bed0f5b

SHA1
24ac4230215202c754df66387335b9bf58ffdff4

SHA256
f09066d37db3e80ed429acbf1a087a450bbc0c52194a059a79c3a04771be43aa

SHA512
bade9e8f3670562fd31be3a0b74900a89949099fbeb5413a0cbac2a2236dca8f7e5e171431f3db7d7ff3a986730506eacf5dd0f07e45d7ae66c343cdd96951d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe

Filesize
192KB

MD5
e19a7a6fe9a274c1bef161a6607ec33c

SHA1
7c4b2135afc92433e441811792d7cee3dca3f6b1

SHA256
49a0cc56c097505a76d1f8dbb81177fc266db64a1a5468d20c86b85a6a1a4766

SHA512
1bb23df30052cdb9b2a6322424a6a4bc7aca5bece17fdaeb8f90bed44118d30bdf4b8c879b1191b5fb88e0d005ba65b4b74bfbd2ec3687fca808f1dd737a31c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe

Filesize
192KB

MD5
a5d2c2854a21a9ec33dce8c51750c049

SHA1
b214a84a31af9e54952dd444ffb44e805ad1b4db

SHA256
1e69ebbb97e6ca2b62c777f5db8875ffedec11ce621caee979c54a2121e4b4b2

SHA512
717fd905423e0fac76f7f578fc815b967b9a93ea13e037ffd034e249c23144bbbf77dab8e49c2cc18f4116c2002783964b5f6f951c74b5a9952f110f6c0e3f42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe

Filesize
192KB

MD5
e0506736587ad375196f520e4da0beea

SHA1
87a4b9871c2c98c812ee5846db8b72f450344314

SHA256
a0e138135c3998a00b7704b4c045bceb961b45c8f4749a3f4fd731e8f4637041

SHA512
bcc385262017f13215f702601888c5abacfe0698c635a01621b4af5ffa7ada5609c4bea0e4658daf97b797d184f355175bb5cf7214aa7c0587e77864b085e6be

Download Submit