16fdd626cbac3a2a1ae4cb88b5925b2bfc2f7310e2152bec30146f77bb8d519e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
Size

184KB
MD5

39f80b65016d429a7600a29e5b9bd488
SHA1

1fb9d84c95f415723d7baaf105c28d34c395e34b
SHA256

16fdd626cbac3a2a1ae4cb88b5925b2bfc2f7310e2152bec30146f77bb8d519e
SHA512

a5a94361c9841fda354e9061a073be2a5837368da4dea990844183f97d4897aa2ffe0d29555b3730a6e1d4e12f93840b37d4158c44f95ec56cffac07d219a516
SSDEEP

3072:0Rl9o87x4zAHtQj3MLXNv8vMS4WMRSQlGUSxQ1cZUylPvpF+:0RPoLsHtWMzNv8pQvvylPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1432	Unicorn-44478.exe
2524	Unicorn-28308.exe
2448	Unicorn-274.exe
2760	Unicorn-8894.exe
2904	Unicorn-5365.exe
2724	Unicorn-25231.exe
2640	Unicorn-14213.exe
2660	Unicorn-10876.exe
2872	Unicorn-47078.exe
2328	Unicorn-63222.exe
1816	Unicorn-6408.exe
3028	Unicorn-31941.exe
1808	Unicorn-47955.exe
2152	Unicorn-35833.exe
560	Unicorn-27665.exe
1652	Unicorn-23856.exe
1020	Unicorn-29563.exe
1496	Unicorn-49429.exe
2096	Unicorn-20326.exe
1392	Unicorn-15578.exe
1584	Unicorn-65334.exe
916	Unicorn-40275.exe
2784	Unicorn-60695.exe
1516	Unicorn-13393.exe
2456	Unicorn-28983.exe
1428	Unicorn-49595.exe
2032	Unicorn-41427.exe
892	Unicorn-58126.exe
2548	Unicorn-12454.exe
1600	Unicorn-24707.exe
2004	Unicorn-45874.exe
2756	Unicorn-57846.exe
2820	Unicorn-9392.exe
2984	Unicorn-63274.exe
2780	Unicorn-63829.exe
2772	Unicorn-9989.exe
2608	Unicorn-38770.exe
2680	Unicorn-27072.exe
2668	Unicorn-1629.exe
3016	Unicorn-26880.exe
3040	Unicorn-46746.exe
2884	Unicorn-1437.exe
2992	Unicorn-55277.exe
2524	Unicorn-9605.exe
1960	Unicorn-5329.exe
2028	Unicorn-51001.exe
2092	Unicorn-1800.exe
380	Unicorn-9413.exe
1492	Unicorn-46362.exe
632	Unicorn-31984.exe
2592	Unicorn-52042.exe
1976	Unicorn-44429.exe
1700	Unicorn-61362.exe
1544	Unicorn-786.exe
2516	Unicorn-9317.exe
580	Unicorn-45519.exe
2544	Unicorn-45519.exe
2164	Unicorn-45519.exe
2012	Unicorn-18829.exe
1768	Unicorn-38695.exe
1220	Unicorn-18829.exe
2420	Unicorn-10106.exe
2472	Unicorn-50755.exe
2688	Unicorn-30889.exe

Loads dropped DLL 64 IoCs

pid	Process
1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
1432	Unicorn-44478.exe
1432	Unicorn-44478.exe
1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
2524	Unicorn-28308.exe
2524	Unicorn-28308.exe
1432	Unicorn-44478.exe
2448	Unicorn-274.exe
1432	Unicorn-44478.exe
2448	Unicorn-274.exe
2760	Unicorn-8894.exe
2760	Unicorn-8894.exe
2524	Unicorn-28308.exe
2524	Unicorn-28308.exe
2904	Unicorn-5365.exe
2904	Unicorn-5365.exe
2724	Unicorn-25231.exe
2724	Unicorn-25231.exe
2448	Unicorn-274.exe
2448	Unicorn-274.exe
2640	Unicorn-14213.exe
2640	Unicorn-14213.exe
2760	Unicorn-8894.exe
2760	Unicorn-8894.exe
2660	Unicorn-10876.exe
2660	Unicorn-10876.exe
2872	Unicorn-47078.exe
2872	Unicorn-47078.exe
2904	Unicorn-5365.exe
2904	Unicorn-5365.exe
1816	Unicorn-6408.exe
2328	Unicorn-63222.exe
1816	Unicorn-6408.exe
2328	Unicorn-63222.exe
2724	Unicorn-25231.exe
2724	Unicorn-25231.exe
3028	Unicorn-31941.exe
3028	Unicorn-31941.exe
2640	Unicorn-14213.exe
2640	Unicorn-14213.exe
1808	Unicorn-47955.exe
1808	Unicorn-47955.exe
2152	Unicorn-35833.exe
2152	Unicorn-35833.exe
2660	Unicorn-10876.exe
2660	Unicorn-10876.exe
2096	Unicorn-20326.exe
2096	Unicorn-20326.exe
1020	Unicorn-29563.exe
1020	Unicorn-29563.exe
1496	Unicorn-49429.exe
1496	Unicorn-49429.exe
2328	Unicorn-63222.exe
2328	Unicorn-63222.exe
560	Unicorn-27665.exe
560	Unicorn-27665.exe
1652	Unicorn-23856.exe
1652	Unicorn-23856.exe
2872	Unicorn-47078.exe
2872	Unicorn-47078.exe
1392	Unicorn-15578.exe
1392	Unicorn-15578.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
1992	1544	WerFault.exe	84
1680	996	WerFault.exe	140
2996	2936	WerFault.exe	127
1748	2684	WerFault.exe	193
2408	2420	WerFault.exe	189
1504	2840	WerFault.exe	184
2768	2080	WerFault.exe	232
2988	796	WerFault.exe	278
2856	3008	WerFault.exe	324
1940	2792	WerFault.exe	398
1364	2836	WerFault.exe	370
2668	2432	WerFault.exe	371
976	2956	WerFault.exe	405
2532	2012	WerFault.exe	457
580	1116	WerFault.exe	453
2520	1980	WerFault.exe	492

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4819.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
1432	Unicorn-44478.exe
2524	Unicorn-28308.exe
2448	Unicorn-274.exe
2760	Unicorn-8894.exe
2904	Unicorn-5365.exe
2724	Unicorn-25231.exe
2640	Unicorn-14213.exe
2660	Unicorn-10876.exe
2872	Unicorn-47078.exe
2328	Unicorn-63222.exe
1816	Unicorn-6408.exe
3028	Unicorn-31941.exe
1808	Unicorn-47955.exe
2152	Unicorn-35833.exe
560	Unicorn-27665.exe
1652	Unicorn-23856.exe
1020	Unicorn-29563.exe
1496	Unicorn-49429.exe
2096	Unicorn-20326.exe
1392	Unicorn-15578.exe
916	Unicorn-40275.exe
1584	Unicorn-65334.exe
2784	Unicorn-60695.exe
1516	Unicorn-13393.exe
2456	Unicorn-28983.exe
1428	Unicorn-49595.exe
2032	Unicorn-41427.exe
892	Unicorn-58126.exe
2548	Unicorn-12454.exe
1600	Unicorn-24707.exe
2004	Unicorn-45874.exe
2756	Unicorn-57846.exe
2820	Unicorn-9392.exe
2984	Unicorn-63274.exe
2780	Unicorn-63829.exe
2772	Unicorn-9989.exe
2608	Unicorn-38770.exe
2680	Unicorn-27072.exe
2668	Unicorn-1629.exe
3016	Unicorn-26880.exe
3040	Unicorn-46746.exe
2884	Unicorn-1437.exe
2992	Unicorn-55277.exe
2524	Unicorn-9605.exe
1960	Unicorn-5329.exe
2028	Unicorn-51001.exe
2092	Unicorn-1800.exe
380	Unicorn-9413.exe
1492	Unicorn-46362.exe
632	Unicorn-31984.exe
1976	Unicorn-44429.exe
2592	Unicorn-52042.exe
1700	Unicorn-61362.exe
1544	Unicorn-786.exe
2544	Unicorn-45519.exe
2516	Unicorn-9317.exe
1220	Unicorn-18829.exe
2164	Unicorn-45519.exe
580	Unicorn-45519.exe
2012	Unicorn-18829.exe
1768	Unicorn-38695.exe
2420	Unicorn-10106.exe
2688	Unicorn-30889.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 1432	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	30
PID 1744 wrote to memory of 1432	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	30
PID 1744 wrote to memory of 1432	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	30
PID 1744 wrote to memory of 1432	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	30
PID 1432 wrote to memory of 2524	1432	Unicorn-44478.exe	31
PID 1432 wrote to memory of 2524	1432	Unicorn-44478.exe	31
PID 1432 wrote to memory of 2524	1432	Unicorn-44478.exe	31
PID 1432 wrote to memory of 2524	1432	Unicorn-44478.exe	31
PID 1744 wrote to memory of 2448	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	32
PID 1744 wrote to memory of 2448	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	32
PID 1744 wrote to memory of 2448	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	32
PID 1744 wrote to memory of 2448	1744	39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe	32
PID 2524 wrote to memory of 2760	2524	Unicorn-28308.exe	33
PID 2524 wrote to memory of 2760	2524	Unicorn-28308.exe	33
PID 2524 wrote to memory of 2760	2524	Unicorn-28308.exe	33
PID 2524 wrote to memory of 2760	2524	Unicorn-28308.exe	33
PID 1432 wrote to memory of 2904	1432	Unicorn-44478.exe	34
PID 1432 wrote to memory of 2904	1432	Unicorn-44478.exe	34
PID 1432 wrote to memory of 2904	1432	Unicorn-44478.exe	34
PID 1432 wrote to memory of 2904	1432	Unicorn-44478.exe	34
PID 2448 wrote to memory of 2724	2448	Unicorn-274.exe	35
PID 2448 wrote to memory of 2724	2448	Unicorn-274.exe	35
PID 2448 wrote to memory of 2724	2448	Unicorn-274.exe	35
PID 2448 wrote to memory of 2724	2448	Unicorn-274.exe	35
PID 2760 wrote to memory of 2640	2760	Unicorn-8894.exe	36
PID 2760 wrote to memory of 2640	2760	Unicorn-8894.exe	36
PID 2760 wrote to memory of 2640	2760	Unicorn-8894.exe	36
PID 2760 wrote to memory of 2640	2760	Unicorn-8894.exe	36
PID 2524 wrote to memory of 2660	2524	Unicorn-28308.exe	37
PID 2524 wrote to memory of 2660	2524	Unicorn-28308.exe	37
PID 2524 wrote to memory of 2660	2524	Unicorn-28308.exe	37
PID 2524 wrote to memory of 2660	2524	Unicorn-28308.exe	37
PID 2904 wrote to memory of 2872	2904	Unicorn-5365.exe	38
PID 2904 wrote to memory of 2872	2904	Unicorn-5365.exe	38
PID 2904 wrote to memory of 2872	2904	Unicorn-5365.exe	38
PID 2904 wrote to memory of 2872	2904	Unicorn-5365.exe	38
PID 2724 wrote to memory of 2328	2724	Unicorn-25231.exe	39
PID 2724 wrote to memory of 2328	2724	Unicorn-25231.exe	39
PID 2724 wrote to memory of 2328	2724	Unicorn-25231.exe	39
PID 2724 wrote to memory of 2328	2724	Unicorn-25231.exe	39
PID 2448 wrote to memory of 1816	2448	Unicorn-274.exe	40
PID 2448 wrote to memory of 1816	2448	Unicorn-274.exe	40
PID 2448 wrote to memory of 1816	2448	Unicorn-274.exe	40
PID 2448 wrote to memory of 1816	2448	Unicorn-274.exe	40
PID 2640 wrote to memory of 3028	2640	Unicorn-14213.exe	41
PID 2640 wrote to memory of 3028	2640	Unicorn-14213.exe	41
PID 2640 wrote to memory of 3028	2640	Unicorn-14213.exe	41
PID 2640 wrote to memory of 3028	2640	Unicorn-14213.exe	41
PID 2760 wrote to memory of 1808	2760	Unicorn-8894.exe	42
PID 2760 wrote to memory of 1808	2760	Unicorn-8894.exe	42
PID 2760 wrote to memory of 1808	2760	Unicorn-8894.exe	42
PID 2760 wrote to memory of 1808	2760	Unicorn-8894.exe	42
PID 2660 wrote to memory of 2152	2660	Unicorn-10876.exe	43
PID 2660 wrote to memory of 2152	2660	Unicorn-10876.exe	43
PID 2660 wrote to memory of 2152	2660	Unicorn-10876.exe	43
PID 2660 wrote to memory of 2152	2660	Unicorn-10876.exe	43
PID 2872 wrote to memory of 560	2872	Unicorn-47078.exe	44
PID 2872 wrote to memory of 560	2872	Unicorn-47078.exe	44
PID 2872 wrote to memory of 560	2872	Unicorn-47078.exe	44
PID 2872 wrote to memory of 560	2872	Unicorn-47078.exe	44
PID 2904 wrote to memory of 1020	2904	Unicorn-5365.exe	45
PID 2904 wrote to memory of 1020	2904	Unicorn-5365.exe	45
PID 2904 wrote to memory of 1020	2904	Unicorn-5365.exe	45
PID 2904 wrote to memory of 1020	2904	Unicorn-5365.exe	45

C:\Users\Admin\AppData\Local\Temp\39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39f80b65016d429a7600a29e5b9bd488_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        14⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        16⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        17⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        18⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        19⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51258.exe
        20⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        11⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 224
        12⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        15⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        17⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        18⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
        19⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        20⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        12⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        15⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        16⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        17⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        18⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        19⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        13⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64329.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        15⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        16⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        17⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        18⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        19⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        11⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        13⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        16⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        17⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        18⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        19⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11793.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        13⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        14⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        17⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57537.exe
        18⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        19⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        10⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        11⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        14⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
        17⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4252.exe
        18⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        19⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        20⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        8⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        12⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        16⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39172.exe
        17⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        18⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        9⤵
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        10⤵
        Program crash
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41124.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        12⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        14⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        15⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        16⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        18⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        19⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        16⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        18⤵
        
        PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        9⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        14⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        16⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        17⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        18⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        19⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        20⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        16⤵
        Program crash
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        13⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42046.exe
        14⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        16⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        17⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        18⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        19⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11964.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        13⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        14⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36945.exe
        15⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
        10⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        12⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
        14⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        17⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        18⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        19⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        20⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        14⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        15⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        16⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        17⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        18⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26096.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        12⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        13⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        14⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        16⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        17⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        18⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        19⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        18⤵
        Program crash
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
        17⤵
        Program crash
        
        PID:580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        16⤵
        Program crash
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        15⤵
        Program crash
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        14⤵
        Program crash
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
        13⤵
        Program crash
        
        PID:2988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        12⤵
        Program crash
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        11⤵
        Program crash
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        10⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        17⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        18⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43380.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        11⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        13⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        14⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        15⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        18⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        12⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        13⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        15⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        17⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
        18⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        19⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
        16⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62228.exe
        17⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        18⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        10⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        11⤵
        
        PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        12⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        15⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        17⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        18⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
        19⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37474.exe
        19⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        20⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        15⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        16⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        17⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        18⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        19⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        11⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        12⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
        14⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        17⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        18⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25966.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37469.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
        14⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
        15⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51284.exe
        17⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        18⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46905.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        13⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        14⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        15⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        16⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        17⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        18⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        19⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
        13⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        14⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41351.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        16⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        17⤵
        Program crash
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        12⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        14⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        16⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        17⤵
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        14⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        15⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        16⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        17⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        18⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        19⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19597.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56978.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        12⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        13⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        14⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        16⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        17⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48197.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
        11⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
        15⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        16⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33801.exe
        17⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        18⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        19⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        10⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        12⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        16⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        10⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        13⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        16⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
        17⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        18⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        15⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        17⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        18⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7091.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47082.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
        16⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        17⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        18⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        17⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46723.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        9⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 200
        10⤵
        Program crash
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        13⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        14⤵
        Program crash
        
        PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3817.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        13⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        14⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        16⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        17⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        18⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        19⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 376
        9⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 376
        8⤵
        Program crash
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        11⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49489.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        10⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50650.exe
        14⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        15⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        16⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        17⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        18⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17425.exe
        10⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        13⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        16⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42971.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        13⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        14⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        17⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        18⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        13⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        14⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        17⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        11⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        12⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        14⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        15⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        16⤵
        
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe

Filesize
184KB

MD5
d6e97ff9c7f93778d121e08e1b46daf2

SHA1
3191baff604d7ee61967b680339d7a8d24068fbc

SHA256
b88b9c618b81776f62026881fa5e1869f9d35addf2dc16fd2e46a42a80fab1ce

SHA512
aff17a6e2c0338e4b9055c84461730f9a4a8514eff00fa1acec8be7968ce3657a86b21a7dbba8e2a094e37be11b1efb92854ce2866fb033476decc4daa549f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe

Filesize
184KB

MD5
e14d970cac5e115af339402028ed7b32

SHA1
d4c4cce0a9674a024c5335fb3c0bb7c034ea2211

SHA256
f80b39590955e9d393525199ff8238c42ff0e302a9d61b5e65964072dee81454

SHA512
5c19484eef3a4d870b4e79257c58908ced7fef7a89c55a1ee9faf4f5a91ac881148b79b5c2d0d88b97ab1c1367c54789b5031acf9dba05b7df46ab57f3141245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe

Filesize
184KB

MD5
6e89db4e887101a1e564b3b257a9e47a

SHA1
0aab556e01553d0c4abd16c6cd1962d39ff6805c

SHA256
feb93103b4893c01b6001c4212ff1167c5573e289890dc2f046f5a814aecca70

SHA512
37304286f0a580a2d8aebdfdd7821c3b7d1abff642b6e691ecd2562c63946d2e82b7f3485aa2b55fe81ed495b693cb0ce6978b60b00a5a5ebb536b38cd08a99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42956.exe

Filesize
184KB

MD5
6f7f037753bdac8b36d0f6df97e991eb

SHA1
60b917cbe553929ad39bbfc1f62d1870dc69adfa

SHA256
08c2156119fb531188272240da802b233ff240f49cd15f812aef1a8cf94b36b7

SHA512
4c992a5fe79c51ee0dc09f6eac3bdee882e15bc590e0fc0b59b9b746a0390efbafebc242199939941488eb623285399cf46f64e3293663c3ee4f14a139327c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe

Filesize
184KB

MD5
92f2a6d85cf9558526b38696053e45a2

SHA1
ff1d193dfc3c747bc3f6f2a7e38f277fc8e30039

SHA256
0da597e4276f2d90e3b58d7677bea889b062d81bd7d4abeeeec8fa31ac0f5a3e

SHA512
6aa9f98f5f58b7c04918081ebfe82760c50ea3777ef567667df4b5aa0b1ede3bbcf35ce235e2309e805a14582d8e8062a93c55995b27717a2ca2b8c78d2344fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe

Filesize
184KB

MD5
f2f7fafae13c98a4d1d82fcce88e3982

SHA1
38da597e9a2a395bfaa61b61f235cab603bec061

SHA256
119f8b5a595a42dc82cb501f934403b12fc424e10df2231e763b1968033ddbf4

SHA512
d9bc77bd28bc3392262c9e2fd8b138af9c38863296abe8883152db65995bd737f3ccd0f7d5d8efc2484b6fb469a3ad8503595ebb90d5b965c83cb63aec36cf68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe

Filesize
184KB

MD5
16371046386bd145b46696baae8c7317

SHA1
b0c03495dbc3a04c119cf2ba3c541785113e0ffc

SHA256
55b9710f2ef72c744df13d22e78a35a595150b6d3aced5e9b68e47666269a33a

SHA512
1963b0b14f74752a7a2b1facda5c0b8b385dd574b544c9124e764453fada08694bd6cf314b1f8e6b5c8e1b792418786f8946511215c90d0237a40c4191a45d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe

Filesize
184KB

MD5
cbce9c7594388be3718c6f86abd92c67

SHA1
6f0ea171867fe31b1ca4fd6a060a972c822bfc3e

SHA256
1e388b7f84d3501ec0acf3b7ee4f125ec36bdc5d23cd559b1f39a164ba01d396

SHA512
f4a920f30319cf0b66729a0ffd369b9206964e3d7e47c4fe80a136f585cc151a21b6b8b93aeeb45986eb7406d2911ef9b79ab9be3235e1641833e4d36e1236f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe

Filesize
184KB

MD5
5482500fde1de08f7c0da0e5b3c414ad

SHA1
544e1e80912751b7f33e64d1cc8b06c653d76e32

SHA256
80db2099b9893f0ad776e92d1bb0796b76ba52cfe4cfcbdd909756a9a5cc2b99

SHA512
a55e84ecc31e82e795f2284d4030a6a427d76d8fc2a8182940ae9942e20065b4bda2de2cb3f8712e273aa0bf6a84ba0509c2061da8b32615b032ffd453f6e5a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5971.exe

Filesize
184KB

MD5
0d07a00b20174dc0aac5ee6a08255ec1

SHA1
121b908a0a010b00d1dfe0960f5413a272eb7d20

SHA256
6c71138ec73609f29c7f91c3674b1cf42cea40a1578a348ada02c057a52e0bcb

SHA512
e7746d7e89c8be1b2265f00be3c1533cd9a9e76e4d8a166f9d1b63d84baa778de790f136af990fdd1792b6631bccefe60711db0aa46d9b438e1ef262839306cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe

Filesize
184KB

MD5
ee6a8d1ff3582f1f5c68f44cf553aa7c

SHA1
d68aad566ad9836a4d2a7b73998750eedea8281d

SHA256
6017d8fc4b896af37f551ea30587807f94368d4f566f709d10cfe92266799c9c

SHA512
b1da76da971424230058a0b4a0a245a431f6ef2d449f9127275c01c0b76010d526d5c975bde4fbfd1082546a4729747f2e6ecc7a68ed3c9ef655a033b62c64a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe

Filesize
184KB

MD5
4d2e15dbf33ab2556cbf963a84fd93dc

SHA1
3780a7f17c3752324e9260265a2a3d709914824e

SHA256
36b35838daa083c51110a7ecf1d0bb85511921752920de054646206d6eb1dfdb

SHA512
c9ac1b547ed0676d88dc762e3a976bcdc7eccf66684e5d673d019a2a072365f2cfaaea69116f0f6dcc3d7e1d147228ffa856cc571d8bf64898cbd473025ca9a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14213.exe

Filesize
184KB

MD5
60fd7615fec60c89e8500f0aec251807

SHA1
ac1ebaa81e01ab0905c77dbaf923cfef659b46df

SHA256
cb4aa79b62e9aaf4affce0c816a8075648dfadf832bc43b45c718cddda49a82f

SHA512
5563c0ff416cdaa964f77bd71c2eee8c5b3f818319904dd94ee627d39dbb16ec5249bd3cfb8b273647554b19f81167092ee3f6e3651f2f2c8ef5ddca6b5fda4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe

Filesize
184KB

MD5
d15e59dae225a30c703651b9c39d60cb

SHA1
65ab96bc5d0f5667bb891db5b3d23a20d6442722

SHA256
87f34b823864b65526b2223fabb1f7739b0435a026c8ceb08684ab42fadad2fc

SHA512
0dad3d5a1a30d4835e2f48340f002821cb89c04811251dd4106367af5ed61823011a10692729447ae91494d0930cfb82b9521a630e8fbbcb7b7153c036839cd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe

Filesize
184KB

MD5
24b9181c417c33d4015400a0c3bf7609

SHA1
f07036034b897b7ba86647da5455740550f6c13f

SHA256
9b24c40f3979bea0fff354e370af6499d5ac63b960fbcbab19bb7e94aa7821c1

SHA512
93d82ad57708fc2c7b45b703f3db1b0348a6f834ef7e4ca0976b466a8823371a61d43a26a70545646af5d7cb64bbd324d4ba11ffdb89a5f49721fd64813c0ece

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-274.exe

Filesize
184KB

MD5
ce25630e57d2b72d77d714dedd8efcc0

SHA1
98eabbfa747b0ccd0ab246c333204a305921c18c

SHA256
2b490197630cc6fa872e3fa4cb2386deb9ff61335e0b1bfa004de8b475595f49

SHA512
a60fad571e2142459633524ba1a6691221b8126c42b5e3e572243f2c751e311be4dcc8dc754480d97f892a6858cc0cf0d6076624c77329371f14033278189218

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe

Filesize
184KB

MD5
296b67254ea640087ec24f780c5b544d

SHA1
33f45adf1aadf02918cb8b4972fdcb6ae8bafbb0

SHA256
b3424d62bd4b8f6986bc6d2c11797a340e3b6ed335031e3ae98f8ae0c78114ad

SHA512
9f11964e97ed6c917d231273e0609f9184d8e29be290f2a74110f14a0e431612068b752eb08777a47852c7fdc576af5efa913f424a5e99d0e15eb0deb0630c37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe

Filesize
184KB

MD5
914432ffc2cb524d49697e7cb9c34e79

SHA1
ccdf35741fcf2167046179e3833baaa5f9af4604

SHA256
b346d612cd572e1c5fbdf6a7c80830d981c4a0591ca16cc4bb7b8e209eec762f

SHA512
d4ea63f7d767903b273be3618edda9f7445bc9f8483ff413d6db3a86a0660539bbfaa6849783a5bf8b1c57f26defd356883daaf19def0c823d8658a010f4e8e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe

Filesize
184KB

MD5
9fd6912511badee5bbe9755c77165720

SHA1
ddb4058feaf993a5f55c4876bac692bafd1a50cf

SHA256
51f153005c7da0c26c4e57ef8632e8187a38c690aedb8427b17f03b0d4d04dcd

SHA512
2a79e08dbe2f90f31ffd4c3e2f9cc393ffa56b90c38bdacb445b6a022d81ea303cfc2dfa7af8c63ced26c09c95799fe82d28c9b92a834c549dcf5bc8ea392629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe

Filesize
184KB

MD5
ad0c07db4366ceaa94846772a0a5e005

SHA1
432932f42e81944760ef35ad5a28fdf5afd022dc

SHA256
ae40ebdde60f234db2900b1e12ae0f73d970d46b3683341b7d9109e97ea1e349

SHA512
8d771a2a6ddda804b09ff86277adbf4a73d845e49ced7a5490962418c42ed136a1478814a3644f96e319631114fd3eba95b59f04685338e0084f2fb00765409b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe

Filesize
184KB

MD5
5501d8a723bfbf83a373a0134df59e48

SHA1
faafeede32e1d70ce3c553adf762975c4ed2aa32

SHA256
7e0d075597203c1da7d4ed0f5d6fc3e75d069a1cb45e734e48fc621518f4c320

SHA512
021ef4ebc70ceb6757cfa01594a5023981aaec9d67153a382dece226248b3d16d9da350bc9049ba422c63412bd8149edf132005d5d53e3f598e24eb0a17acb68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe

Filesize
184KB

MD5
d1a21211ac2691ce8616ec1006cf2a3a

SHA1
47aed42aa12d231f6aafb4a0b974287f0967d4c0

SHA256
9f42a301c39c3ae20793ac5c4b2aad6f935d5a48e1e83cfa64aa7bdb982336ee

SHA512
8c0c6056e4050bf27b1ed9fa4d4b8bfa910ff8a63c2d52c74c71f854031bb10f248be0640219e4124721253546f12a9ce68de11d91108990c3ab5e754c59f433

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe

Filesize
184KB

MD5
f75f30130a0caf58a9c8752f60c1b042

SHA1
3cd31a0299182abe23657807372515675150751b

SHA256
ea1d6ddfd41c57fc4b778aac89aacf842aa8569669fa3035f9d3e61fd5980f72

SHA512
52c0d823f4154bf9eedc57846d6bc66ee87b9f786f9aa7c89d57dac1899919bac7938c22aa134ddf846cbae5bc6de8cc9fc6bc4fc60061101080387e10c877ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe

Filesize
184KB

MD5
7bce3cddc6871285819abc49620472b8

SHA1
460a78a6eb9d82b8404e09275c856a027d92668b

SHA256
3b386f73bb23ff7532f4732952f06db66ee892297157dda8f0cee11ae11cb280

SHA512
a99e9323ccc6a34be4c6ed8820f7819dc05f860d242262ec74f3800fae1fbb9ffd2b989222ddf592634caefbc12afbd4f8549c227be99f43e39e15a102104ae5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe

Filesize
184KB

MD5
967274f99204cbd331f65d0f8ca8c660

SHA1
71ca2dab9bf067772998836d195b125420b0d781

SHA256
a6201a8ab2aeff810dd7bda3ff97f8e45a0f77fe0faed19ec76037011765619d

SHA512
4f3630c536cf652d1d5ab0ee17cffae8312efdc5434918ef1171afaa05ab324715b52d7bec8c5fe498571a3a2dcf55508f39b588f9f8757e975d9377582f3235

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe

Filesize
184KB

MD5
96896318f3ec3b1bcc8d7d8e42fa2bea

SHA1
466ad8686afe0b921ad46432a0f21e3d84f9d13d

SHA256
dcff8b125de0b048ee1fb5bcc8fd67ef69e01962b7c93cc8b1cc0ac96626567e

SHA512
b43d1e60602347193d8551a666f762e9af24d4cafb7e45c28b41400c3728834f576c8a54294c106144a64add09781c5ee70992e77288d6f108305bea88363d5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe

Filesize
184KB

MD5
68ceb45c061f75cb83b9de2be5865d13

SHA1
0236ae6359b9682abe3b0f97eb85be80fdf0fc7c

SHA256
fa570da7291062f74e3441881aacacd4409f6cabdd67e58e088c4ee22d024723

SHA512
8e3e0b523a14ac9daf33853294b3a529b22850c6e2b043f0792f904ae1e2fd169526d982dfc8f3fe8e10a0b3eabbafb77059ab58ee45396acda417bf8a5827b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe

Filesize
184KB

MD5
79bade7c939e4212ebbb20a4d43fbeec

SHA1
05c52ac39412c0de3af8e5d76f62d7c9026548ed

SHA256
409a0c997eb16795866bc1450e316069e780dae5abe183641d0ce44c333fbe17

SHA512
5cedd1d0cce52482ecd456f213e3a91d4d49dd4706ccd1e262f05b28b4f6d6068e4d4feca998d56107f1ebe8a6a7190bb0b41c2ff784700132cc2bb4493d1d2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe

Filesize
184KB

MD5
b1d330c312d779d9196b17fa3daeedec

SHA1
849877b2f1ebeabad9467c2cf48c5cc943d4d0a0

SHA256
3d0293ab5103dd5fadf0c92fddafbe9f449e2e152395b05bfbc832a8f0869cbd

SHA512
efd891b788ac95912605fbe20664d8a71096a55111df80c20df30d72276923e352245703d96cb8154225429657f94e0eafc13db17fb623086c4096aad7059188

Download Submit