f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669dd

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
Size

468KB
MD5

fca143c0e1713b733e42107a2ece7330
SHA1

704f9df2e03c36beaca2c2ef9d8cfe6adf5ba367
SHA256

f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669dd
SHA512

75f764cad0c64bc71a17bba8bafe24c69c82bf5944e770c92bcaabd9d9a2f9e668ad578e301d9582d934222b291f06370e2086a0010b68e4aa1b4cd2bcb2e179
SSDEEP

3072:WTN/ogbda88nn+/tPaJF/poKfezrY8YnmHe0VXEn233GLfPl2lU:WT1oNRnniPmF/pohi/n2n0fPl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
584	Unicorn-57409.exe
2784	Unicorn-5359.exe
2564	Unicorn-9313.exe
2580	Unicorn-63242.exe
1968	Unicorn-55629.exe
2012	Unicorn-26294.exe
1572	Unicorn-28331.exe
2904	Unicorn-15276.exe
2064	Unicorn-65032.exe
1616	Unicorn-53185.exe
1764	Unicorn-18274.exe
2300	Unicorn-33511.exe
1864	Unicorn-92.exe
1520	Unicorn-53377.exe
1724	Unicorn-40092.exe
796	Unicorn-17628.exe
2248	Unicorn-38602.exe
1328	Unicorn-53315.exe
1664	Unicorn-29003.exe
2804	Unicorn-11196.exe
2216	Unicorn-34217.exe
2096	Unicorn-5266.exe
1444	Unicorn-55022.exe
2360	Unicorn-9350.exe
1840	Unicorn-9350.exe
2324	Unicorn-33014.exe
280	Unicorn-24348.exe
1508	Unicorn-13413.exe
2696	Unicorn-27148.exe
1632	Unicorn-33279.exe
1932	Unicorn-33279.exe
2584	Unicorn-1073.exe
2548	Unicorn-43952.exe
2692	Unicorn-45998.exe
3036	Unicorn-17602.exe
2568	Unicorn-63273.exe
3056	Unicorn-43813.exe
1624	Unicorn-43813.exe
1960	Unicorn-26730.exe
1536	Unicorn-6501.exe
1420	Unicorn-6236.exe
2260	Unicorn-54232.exe
2036	Unicorn-6200.exe
1600	Unicorn-14923.exe
2200	Unicorn-42573.exe
876	Unicorn-42573.exe
960	Unicorn-63548.exe
2444	Unicorn-30129.exe
1784	Unicorn-29864.exe
1924	Unicorn-46849.exe
916	Unicorn-46849.exe
1880	Unicorn-30710.exe
1564	Unicorn-60616.exe
808	Unicorn-8814.exe
1952	Unicorn-23113.exe
3004	Unicorn-39833.exe
2056	Unicorn-4922.exe
2320	Unicorn-11607.exe
2944	Unicorn-59677.exe
2576	Unicorn-44088.exe
2632	Unicorn-39603.exe
2908	Unicorn-35966.exe
2928	Unicorn-63424.exe
2524	Unicorn-2910.exe

Loads dropped DLL 64 IoCs

pid	Process
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
584	Unicorn-57409.exe
584	Unicorn-57409.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
2784	Unicorn-5359.exe
2784	Unicorn-5359.exe
584	Unicorn-57409.exe
584	Unicorn-57409.exe
2564	Unicorn-9313.exe
2564	Unicorn-9313.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
2580	Unicorn-63242.exe
2580	Unicorn-63242.exe
2784	Unicorn-5359.exe
2784	Unicorn-5359.exe
1968	Unicorn-55629.exe
1968	Unicorn-55629.exe
584	Unicorn-57409.exe
584	Unicorn-57409.exe
2564	Unicorn-9313.exe
2564	Unicorn-9313.exe
2012	Unicorn-26294.exe
1572	Unicorn-28331.exe
2012	Unicorn-26294.exe
1572	Unicorn-28331.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
2904	Unicorn-15276.exe
2904	Unicorn-15276.exe
2580	Unicorn-63242.exe
2580	Unicorn-63242.exe
2064	Unicorn-65032.exe
2064	Unicorn-65032.exe
1616	Unicorn-53185.exe
1616	Unicorn-53185.exe
2784	Unicorn-5359.exe
2784	Unicorn-5359.exe
1968	Unicorn-55629.exe
1968	Unicorn-55629.exe
1520	Unicorn-53377.exe
1520	Unicorn-53377.exe
2012	Unicorn-26294.exe
2012	Unicorn-26294.exe
2300	Unicorn-33511.exe
1724	Unicorn-40092.exe
2300	Unicorn-33511.exe
1724	Unicorn-40092.exe
584	Unicorn-57409.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
584	Unicorn-57409.exe
1572	Unicorn-28331.exe
1864	Unicorn-92.exe
1764	Unicorn-18274.exe
2564	Unicorn-9313.exe
1572	Unicorn-28331.exe
1864	Unicorn-92.exe
2564	Unicorn-9313.exe
1764	Unicorn-18274.exe
2248	Unicorn-38602.exe
2248	Unicorn-38602.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2840	280	WerFault.exe	57
2740	2364	WerFault.exe	106
1868	960	WerFault.exe	77

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49629.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
584	Unicorn-57409.exe
2784	Unicorn-5359.exe
2564	Unicorn-9313.exe
2580	Unicorn-63242.exe
1968	Unicorn-55629.exe
2012	Unicorn-26294.exe
1572	Unicorn-28331.exe
2904	Unicorn-15276.exe
2064	Unicorn-65032.exe
1616	Unicorn-53185.exe
2300	Unicorn-33511.exe
1864	Unicorn-92.exe
1764	Unicorn-18274.exe
1724	Unicorn-40092.exe
1520	Unicorn-53377.exe
2248	Unicorn-38602.exe
1328	Unicorn-53315.exe
796	Unicorn-17628.exe
1664	Unicorn-29003.exe
2804	Unicorn-11196.exe
2216	Unicorn-34217.exe
2360	Unicorn-9350.exe
2096	Unicorn-5266.exe
2324	Unicorn-33014.exe
2696	Unicorn-27148.exe
1444	Unicorn-55022.exe
1632	Unicorn-33279.exe
1932	Unicorn-33279.exe
280	Unicorn-24348.exe
1508	Unicorn-13413.exe
1840	Unicorn-9350.exe
2692	Unicorn-45998.exe
3036	Unicorn-17602.exe
3056	Unicorn-43813.exe
2584	Unicorn-1073.exe
1624	Unicorn-43813.exe
1960	Unicorn-26730.exe
2568	Unicorn-63273.exe
2548	Unicorn-43952.exe
1536	Unicorn-6501.exe
1420	Unicorn-6236.exe
2260	Unicorn-54232.exe
2036	Unicorn-6200.exe
1600	Unicorn-14923.exe
2200	Unicorn-42573.exe
876	Unicorn-42573.exe
916	Unicorn-46849.exe
960	Unicorn-63548.exe
1880	Unicorn-30710.exe
1784	Unicorn-29864.exe
2444	Unicorn-30129.exe
1924	Unicorn-46849.exe
808	Unicorn-8814.exe
2320	Unicorn-11607.exe
1564	Unicorn-60616.exe
1952	Unicorn-23113.exe
3004	Unicorn-39833.exe
2944	Unicorn-59677.exe
2576	Unicorn-44088.exe
2928	Unicorn-63424.exe
2524	Unicorn-2910.exe
2632	Unicorn-39603.exe
2908	Unicorn-35966.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 584	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	31
PID 628 wrote to memory of 584	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	31
PID 628 wrote to memory of 584	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	31
PID 628 wrote to memory of 584	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	31
PID 584 wrote to memory of 2784	584	Unicorn-57409.exe	32
PID 584 wrote to memory of 2784	584	Unicorn-57409.exe	32
PID 584 wrote to memory of 2784	584	Unicorn-57409.exe	32
PID 584 wrote to memory of 2784	584	Unicorn-57409.exe	32
PID 628 wrote to memory of 2564	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	33
PID 628 wrote to memory of 2564	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	33
PID 628 wrote to memory of 2564	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	33
PID 628 wrote to memory of 2564	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	33
PID 2784 wrote to memory of 2580	2784	Unicorn-5359.exe	34
PID 2784 wrote to memory of 2580	2784	Unicorn-5359.exe	34
PID 2784 wrote to memory of 2580	2784	Unicorn-5359.exe	34
PID 2784 wrote to memory of 2580	2784	Unicorn-5359.exe	34
PID 584 wrote to memory of 1968	584	Unicorn-57409.exe	35
PID 584 wrote to memory of 1968	584	Unicorn-57409.exe	35
PID 584 wrote to memory of 1968	584	Unicorn-57409.exe	35
PID 584 wrote to memory of 1968	584	Unicorn-57409.exe	35
PID 2564 wrote to memory of 2012	2564	Unicorn-9313.exe	36
PID 2564 wrote to memory of 2012	2564	Unicorn-9313.exe	36
PID 2564 wrote to memory of 2012	2564	Unicorn-9313.exe	36
PID 2564 wrote to memory of 2012	2564	Unicorn-9313.exe	36
PID 628 wrote to memory of 1572	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	37
PID 628 wrote to memory of 1572	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	37
PID 628 wrote to memory of 1572	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	37
PID 628 wrote to memory of 1572	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	37
PID 2580 wrote to memory of 2904	2580	Unicorn-63242.exe	38
PID 2580 wrote to memory of 2904	2580	Unicorn-63242.exe	38
PID 2580 wrote to memory of 2904	2580	Unicorn-63242.exe	38
PID 2580 wrote to memory of 2904	2580	Unicorn-63242.exe	38
PID 2784 wrote to memory of 2064	2784	Unicorn-5359.exe	39
PID 2784 wrote to memory of 2064	2784	Unicorn-5359.exe	39
PID 2784 wrote to memory of 2064	2784	Unicorn-5359.exe	39
PID 2784 wrote to memory of 2064	2784	Unicorn-5359.exe	39
PID 1968 wrote to memory of 1616	1968	Unicorn-55629.exe	40
PID 1968 wrote to memory of 1616	1968	Unicorn-55629.exe	40
PID 1968 wrote to memory of 1616	1968	Unicorn-55629.exe	40
PID 1968 wrote to memory of 1616	1968	Unicorn-55629.exe	40
PID 584 wrote to memory of 1764	584	Unicorn-57409.exe	41
PID 584 wrote to memory of 1764	584	Unicorn-57409.exe	41
PID 584 wrote to memory of 1764	584	Unicorn-57409.exe	41
PID 584 wrote to memory of 1764	584	Unicorn-57409.exe	41
PID 2564 wrote to memory of 2300	2564	Unicorn-9313.exe	42
PID 2564 wrote to memory of 2300	2564	Unicorn-9313.exe	42
PID 2564 wrote to memory of 2300	2564	Unicorn-9313.exe	42
PID 2564 wrote to memory of 2300	2564	Unicorn-9313.exe	42
PID 1572 wrote to memory of 1864	1572	Unicorn-28331.exe	44
PID 1572 wrote to memory of 1864	1572	Unicorn-28331.exe	44
PID 1572 wrote to memory of 1864	1572	Unicorn-28331.exe	44
PID 1572 wrote to memory of 1864	1572	Unicorn-28331.exe	44
PID 2012 wrote to memory of 1520	2012	Unicorn-26294.exe	43
PID 2012 wrote to memory of 1520	2012	Unicorn-26294.exe	43
PID 2012 wrote to memory of 1520	2012	Unicorn-26294.exe	43
PID 2012 wrote to memory of 1520	2012	Unicorn-26294.exe	43
PID 628 wrote to memory of 1724	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	45
PID 628 wrote to memory of 1724	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	45
PID 628 wrote to memory of 1724	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	45
PID 628 wrote to memory of 1724	628	f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe	45
PID 2904 wrote to memory of 796	2904	Unicorn-15276.exe	46
PID 2904 wrote to memory of 796	2904	Unicorn-15276.exe	46
PID 2904 wrote to memory of 796	2904	Unicorn-15276.exe	46
PID 2904 wrote to memory of 796	2904	Unicorn-15276.exe	46

C:\Users\Admin\AppData\Local\Temp\f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe
"C:\Users\Admin\AppData\Local\Temp\f57b91f357b4cb87a821d82ccc3c760c76e0dc93ac3d64749caf9778a2e669ddN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        9⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13370.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56456.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        7⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        6⤵
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        6⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        6⤵
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        5⤵
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        7⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        5⤵
        
        PID:2364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 188
        6⤵
        Program crash
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        5⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        5⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19579.exe
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        8⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26727.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        7⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        6⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46386.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17571.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        6⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58593.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        6⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        5⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        6⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        7⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        6⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        5⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42235.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        5⤵
        
        PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52174.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        6⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        6⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        6⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        5⤵
        Program crash
        
        PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        5⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7776.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
      4⤵
      PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
    3⤵
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
    3⤵
    PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
    3⤵
    PID:4380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        5⤵
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24002.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        5⤵
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        5⤵
        
        PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        6⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        5⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        6⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        5⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61300.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
      4⤵
      PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
      4⤵
      PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3003.exe
      4⤵
      PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
      4⤵
      PID:6836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      4⤵
      PID:6428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40497.exe
    3⤵
    PID:5912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    3⤵
    PID:6208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        6⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17347.exe
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3366.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33238.exe
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        5⤵
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      4⤵
      PID:6540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    3⤵
    - Executes dropped EXE
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
      4⤵
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48365.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30110.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
      4⤵
      PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
      4⤵
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
      4⤵
      PID:6684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
    3⤵
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
    3⤵
    PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
    3⤵
    PID:6192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47322.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      4⤵
      PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
      4⤵
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60743.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
        5⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
    3⤵
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
    3⤵
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36248.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
      4⤵
      PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
      4⤵
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
    3⤵
    PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
    3⤵
    PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
    3⤵
    - Program crash
    PID:2840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
    3⤵
    PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
    3⤵
    PID:5900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
  2⤵
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
    3⤵
    PID:4356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
  2⤵
  PID:3792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
  2⤵
  PID:4116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
  2⤵
  PID:5748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe

Filesize
468KB

MD5
06b98aabda7559fcaa5db40351859fa9

SHA1
91c0f9bf7a83d73ca78aa302131fb461e0325889

SHA256
b187f932e28561a805f0963a6f9587e3a3d8f32c674f86a516a660630dbe027b

SHA512
1c9fab181391ae6d687223bd21663d9520c42620cb598d873df25908ac6278340f6e985c9fe62a5f6a33ecea9231f447e0e3f4d760b43640782cd2e4c51052f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe

Filesize
468KB

MD5
3448e67fc3355c8608d577deeb91ec4b

SHA1
3a8c9eedd0b6c0d6fb403a6f13689ea090829cf9

SHA256
67f578b27ed24108a18f9e641506c788f009e2c240fa8340afe38f27181a5ebd

SHA512
e972e9bc4bbf0872f8ae62ffd856ca35065161dea87aa3a074a09b94f285b541f36708e48c0bc1095b777d26200f0a5a98eed188c8ebb312399c3e2cc5e77298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe

Filesize
468KB

MD5
ff2a64a326bb8e8344d569cdd0864321

SHA1
9beac577a9e72c1cc527d5295ca742f1680888d2

SHA256
65d1ed125aaf4362b50134bfa9b2d14be4cefaff5fcea3b3348a9745cedf34a0

SHA512
2d56721424530b9b4b61724c6af8c0f7b9332ebfdc0f6e1b62f63147b98d8263ff9325949b804d9250fcb0ee923524bd93f3fc053bee4c3ec3f4a4367e6ff1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe

Filesize
468KB

MD5
246e33ed4d4a95e8fd9e80dc013744c1

SHA1
fe87aa01a4a544d4b318a940cda2fe1ee9bafd5a

SHA256
7e6eb23683c0f0b9df6a6718c72ce7e38742dc789607c027813eb8e177de6dc2

SHA512
7c0e3e4a444fa794996cf2afa397daa093c557746de62922f56047fb543744ae09900b066cbb772ea28f654ef3b33ff6ce258121dfd4343ba08586d938cd5674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe

Filesize
468KB

MD5
9517814e83fee6bbb4e2456d7bea2acf

SHA1
51745dbeb8a2ac4fef514172ae6abb9605d63b53

SHA256
a272e1ea3e15b13968b2b91b9ec2404cb5ac85578a23fbdd1fd98779a6818aa5

SHA512
16ac47325cc02a6ad66f6656f17f245866154d548a2463c84a3bceebe372711302a7f33d5cea9a46a5b0cce02f617323f0f5207a8ea7fad1c08f56b4ff661d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe

Filesize
468KB

MD5
79f8be72be8c6b568cea06fddedca308

SHA1
477dc199c204de0f7f516b7c231f395ae3c2228c

SHA256
ba9f99838f022b0d208e8246d61716ad4f2f5fa019b4c3053346c11e7b6c2bfd

SHA512
6b89ffddf55180fdd5bb93d57a8b6e0e8690acefa83596e4f665e767efe012d9bf62713fbccb7a8b13e5e5fecf0edf16ee324693e25d3f863071f4ae7af1cbf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe

Filesize
468KB

MD5
5901622d2b65ecf1bb7ed98022466504

SHA1
d4150fc117510226796c92b0e0c6fe6f369bf0e4

SHA256
336a42e5b6d293dfb98cd24f942f5fe663781b33f3ad6d747217e83f3082596f

SHA512
5f15a143fa3b12e99cc43cc09ef27170f7db7f0333618f573f98a94fac39a6efe119e216c646b687a91eee822ee37bcff76fa1a8f3859421ff4f5cfd66f42998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17628.exe

Filesize
468KB

MD5
44d95ca859568c076306e040b4baa310

SHA1
fcaa28dac0c9d8a65752137d149283def9d7054c

SHA256
4658c304a8f77d05c82b626a889bda39041755db772e8ffefdc06fcbd19fe105

SHA512
f8413295f50ea6d893810f86b3f440062b23da6d4f0bf312cf81eabf89f6c516efc8ddff6627495de846c6a9679ab822e8da3adddde2211b534ddeef270d53dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe

Filesize
468KB

MD5
5562ee089500d7f8907a59440dcbfea1

SHA1
a011a4511dd2fea28b331c355b8652e8c6571ff5

SHA256
ed5c1da187bf054ba17f98105a7c1c1a29f0d696652129de9f1e5f53a5b0bedc

SHA512
da450e9363d37167e7b64cffb64c561cabf080005ce2e7546d493e6173447d3cfa6957c8cb80000dfd66c73211782d08029850f138591d79241f640b58099690

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe

Filesize
468KB

MD5
fe8b93459755ccceb0d5fcb6df3116ba

SHA1
57773433a102ace2940d92e538036bb3a6684d1e

SHA256
308bc7ce697196695fc475bd307081de94a93eff70b039810e32b0038dd923e0

SHA512
3fe67b455066e0e87e47e12a55ad9d1215c8b5feba583c257035a8c1b669cf436849ccaf77bc13d001e6f0b86dfae629493767779011edd1063d3fb7bd510bd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe

Filesize
468KB

MD5
e2ee563cd44f975b26399f7276cc25ab

SHA1
d5fb3c247bcbcca5c91f83364e8783444fce2377

SHA256
aaa66d20dbde970401ff3758fee9fc9fa5d3dbb1d422326b9bca24e6a394c883

SHA512
a3177a5a79d611a0b7848618d01738be0e7a2b9fe19992fdf1157b0aaf007a14ecbb80f2d7d7086d62ccfdc645ca058266db331a6fd084b6dcd9ea5c856dac5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe

Filesize
468KB

MD5
2e5a24bfa5e3695507a511dddd81cb72

SHA1
91231f73d08305f834dd1869e6e974afab5196ce

SHA256
8b8a9685a6900e64dc32da168dadc827753431fa8254dc8b5cd13de244e3f687

SHA512
9a7682851ddb1f44effd8179b6807462758ff1c3e1ba5e09f055aab49e7f1a35d2e16fee727370efcb38ff324449e73a3cd829f9640f6c70bc7013e1d397e11d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe

Filesize
468KB

MD5
b9f932cbdc06c6b10f9022e97026bc55

SHA1
aaad11b9416da2cbf24c002249a456302760ce17

SHA256
10ae4593717db6ca2d9556fe32a3e3f8720be09af1eda29ebc5feff32e9b1a85

SHA512
dc5aedb49832799916b9d4b0bb6558057dd16e1da438c93012812b304c6b3284c7a41d4f9279bfcbc27fc116f20174e19b97f1b4a1d0e9f0989a841a4e0340cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe

Filesize
468KB

MD5
8a80b864be86d91be311716a42c53e39

SHA1
2363a3c35d9227f69f170d6e20c00935c4f4bf15

SHA256
770c1dc19f481c4cd7571c7fcdad2711e2329126dca073ece307ceb799c795b0

SHA512
d248f8a90dc1130ec1845d58b1ae61249f13bc7af5605c8ae6e8c8ca4cb52088202edd4679f40251213ce61a8ad2907d66d1a5459b1ce356300f664b99f478b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53377.exe

Filesize
468KB

MD5
b4b2b0715e0860c2b05722c0337ffb86

SHA1
80dcf3dfee28e1f84b546291eb94b6bfa7bcc989

SHA256
3b5d5aa7c6a090393ca247eac014e34638df435ea276438429cd91c6029467bb

SHA512
184a41e129caf478a4fe5ec42b843a7248646c6148e7845a59c53c68724eabe687259dd1d912130cda8dd2b55cd480aaa37a9ce740728164998252c6433ce8f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe

Filesize
468KB

MD5
41d7505e8c1762f548273c4481985792

SHA1
08db346243086d6ef9e6daafb9b1f1970585a5cf

SHA256
cea0cfb0e7a033386471c29e4c13d987d1b670f21475931ed9599d187202a94a

SHA512
08bee7818f64c5bcb85163911ea113166edcee8819663e1c7a54628912b2535a20fbf4d3e1e190beb7f19a0d563c109dcc0f511b8d9d93ea2f4d0cbea2f8588d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe

Filesize
468KB

MD5
6daece8d59c5e0f640098b8932288e5d

SHA1
1ba67421856c5ca65889db4cd8ddcc46f6a591d8

SHA256
316b3ad6d7ae8965b0df2796932c9fdba1939ab72055dd2410c2ff34e29924c8

SHA512
c5d60721bb44b4758695784dd4ee10623624bc6738f2d512695332e0ef8232f88f504d993b78b6da453c2513505bcd1356d2982a56f396204a8c541eb3c71a70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe

Filesize
468KB

MD5
c6f45ae3b9b419d385c78e5e4da2d30e

SHA1
cf1d78a62192afaf737952aa6babe12ed3b44543

SHA256
8281dab1e2fe9d1a2488185b853a9166df830b32fbece7c4cffbffbc83c3fb4c

SHA512
a6554988b6e73c529ab9fa1a87133c0a931e2014a73b44c4644bfb3e911da955727f5288af3d9d445ee7c39434fdf0801ee67cc1532b5bf3ab0282d53e95c0ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-92.exe

Filesize
468KB

MD5
e5e01b7ce9597e0855b9f76ff0a83e2f

SHA1
b5be1fe5945d9d7ecaac24939947551c0a46a659

SHA256
7e851dc845802d1d8d85811cc9ff1d68a41b229449b1ba23ee969db09ad49106

SHA512
6401a27aae2a94408cf1cac83c7597468b00ba32481cb7ebd7bcbb02d0c7d9ebf3387af79694fa2a775f50c544131771240ea42365941873218748af0f3b6f25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe

Filesize
468KB

MD5
5ef7723b40d9d7d24f849d0043326b35

SHA1
e895227403f9185ae0de2bd52dab26221ccbcc5c

SHA256
c7c35cb74a935ced3cd393565b62c4f079c5d9ffb3a4d08c37d81e9629c16b6b

SHA512
8b1d4f70ee135b00c6b14e0806692bc95f9335ab0904aeb71094785e73349672450d947cc1aeba63ea488bbf4cb85f460809f098c2e1c90d836744f302214ac2

Download Submit
memory/280-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/584-299-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-300-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/584-59-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-20-0x0000000003590000-0x0000000003605000-memory.dmp

Filesize
468KB

Download
memory/584-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/584-125-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-142-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-384-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/584-381-0x0000000003590000-0x0000000003605000-memory.dmp

Filesize
468KB

Download
memory/628-301-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/628-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/628-179-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/628-173-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/628-302-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/628-11-0x0000000003480000-0x00000000034F5000-memory.dmp

Filesize
468KB

Download
memory/628-15-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/628-358-0x0000000003480000-0x00000000034F5000-memory.dmp

Filesize
468KB

Download
memory/796-382-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/796-202-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/796-374-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/1328-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1444-279-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1508-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-268-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1520-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1520-271-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1572-317-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1572-155-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1572-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1572-306-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1572-167-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1616-372-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1616-122-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1616-231-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1616-236-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1632-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1664-370-0x0000000001E50000-0x0000000001EC5000-memory.dmp

Filesize
468KB

Download
memory/1664-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1724-283-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1724-281-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1764-310-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1764-146-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1764-321-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/1864-169-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1864-309-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1864-318-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1968-255-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1968-260-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1968-119-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1968-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-277-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2012-278-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2012-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-168-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2012-154-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2064-108-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-225-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2064-392-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2064-224-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2096-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-262-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-350-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2300-149-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-282-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2300-280-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2324-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2360-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2548-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-71-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/2564-148-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/2564-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-147-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/2564-320-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/2568-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-214-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2580-359-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2580-211-0x0000000003460000-0x00000000034D5000-memory.dmp

Filesize
468KB

Download
memory/2584-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-107-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2784-48-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2784-248-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2784-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-249-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2804-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2904-195-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2904-200-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2904-391-0x0000000002590000-0x0000000002605000-memory.dmp

Filesize
468KB

Download
memory/2904-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download