b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
Size

468KB
MD5

fb2ba45a79d743ebbd6c5bbfeb16d580
SHA1

9b5302c887b64dc8e394c68225fb1f778fa47eeb
SHA256

b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5
SHA512

8b845526616662f9bd605781c193f69440f63e4b1752f9f02b4c291f9dc2763449e9a66d033cf5ce9ecd5ff2af19c7d05e5144df2f667798ce084bc35010e70f
SSDEEP

3072:4begogxaIK57tbYZPzcfmbfG/n2xnsIH9QmyeQVqAf5KkkiVurula:4btoCO7tCP4fmbfaa7wf5D7Vur

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2392	Unicorn-48209.exe
2568	Unicorn-3751.exe
2376	Unicorn-61867.exe
2888	Unicorn-62511.exe
2740	Unicorn-22225.exe
2768	Unicorn-46367.exe
2780	Unicorn-3179.exe
2672	Unicorn-5500.exe
1732	Unicorn-63616.exe
804	Unicorn-51769.exe
3036	Unicorn-10736.exe
2676	Unicorn-4606.exe
2884	Unicorn-10160.exe
2960	Unicorn-9895.exe
2972	Unicorn-55832.exe
2552	Unicorn-20140.exe
380	Unicorn-16802.exe
2088	Unicorn-36668.exe
1728	Unicorn-30153.exe
628	Unicorn-3611.exe
108	Unicorn-3611.exe
2588	Unicorn-37954.exe
1976	Unicorn-61904.exe
1760	Unicorn-42038.exe
396	Unicorn-29232.exe
996	Unicorn-9366.exe
1384	Unicorn-49652.exe
2196	Unicorn-51882.exe
2360	Unicorn-24572.exe
2244	Unicorn-15641.exe
2164	Unicorn-44727.exe
1768	Unicorn-8702.exe
2264	Unicorn-30283.exe
1576	Unicorn-534.exe
2576	Unicorn-58650.exe
3044	Unicorn-11909.exe
2756	Unicorn-50373.exe
2796	Unicorn-29398.exe
2068	Unicorn-29952.exe
2904	Unicorn-17146.exe
3056	Unicorn-4872.exe
2644	Unicorn-61878.exe
2372	Unicorn-45277.exe
2336	Unicorn-5469.exe
1780	Unicorn-29901.exe
1796	Unicorn-30166.exe
2936	Unicorn-42418.exe
1984	Unicorn-60984.exe
2860	Unicorn-22744.exe
2836	Unicorn-46694.exe
1928	Unicorn-50778.exe
1104	Unicorn-5640.exe
2076	Unicorn-54286.exe
1696	Unicorn-54286.exe
884	Unicorn-48156.exe
604	Unicorn-5832.exe
1988	Unicorn-49632.exe
1496	Unicorn-58562.exe
2168	Unicorn-15566.exe
2268	Unicorn-21697.exe
1540	Unicorn-43356.exe
1392	Unicorn-37756.exe
1708	Unicorn-17229.exe
2176	Unicorn-26143.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2392	Unicorn-48209.exe
2392	Unicorn-48209.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2568	Unicorn-3751.exe
2568	Unicorn-3751.exe
2392	Unicorn-48209.exe
2392	Unicorn-48209.exe
2376	Unicorn-61867.exe
2376	Unicorn-61867.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2888	Unicorn-62511.exe
2568	Unicorn-3751.exe
2888	Unicorn-62511.exe
2568	Unicorn-3751.exe
2740	Unicorn-22225.exe
2740	Unicorn-22225.exe
2768	Unicorn-46367.exe
2768	Unicorn-46367.exe
2392	Unicorn-48209.exe
2392	Unicorn-48209.exe
2780	Unicorn-3179.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2376	Unicorn-61867.exe
2780	Unicorn-3179.exe
2376	Unicorn-61867.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2672	Unicorn-5500.exe
2672	Unicorn-5500.exe
2888	Unicorn-62511.exe
2888	Unicorn-62511.exe
1732	Unicorn-63616.exe
1732	Unicorn-63616.exe
2568	Unicorn-3751.exe
2568	Unicorn-3751.exe
2884	Unicorn-10160.exe
3036	Unicorn-10736.exe
2884	Unicorn-10160.exe
3036	Unicorn-10736.exe
2768	Unicorn-46367.exe
2768	Unicorn-46367.exe
804	Unicorn-51769.exe
2780	Unicorn-3179.exe
804	Unicorn-51769.exe
2780	Unicorn-3179.exe
2740	Unicorn-22225.exe
2740	Unicorn-22225.exe
2972	Unicorn-55832.exe
2972	Unicorn-55832.exe
2960	Unicorn-9895.exe
2960	Unicorn-9895.exe
2376	Unicorn-61867.exe
2376	Unicorn-61867.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2676	Unicorn-4606.exe
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2676	Unicorn-4606.exe
2392	Unicorn-48209.exe
2392	Unicorn-48209.exe
380	Unicorn-16802.exe
380	Unicorn-16802.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2900	1732	WerFault.exe	38
1060	3044	WerFault.exe	66
552	2088	WerFault.exe	47
1624	2756	WerFault.exe	67
3268	2352	WerFault.exe	97
4796	2004	WerFault.exe	99
956	5016	WerFault.exe	351

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53159.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29401.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
2392	Unicorn-48209.exe
2568	Unicorn-3751.exe
2376	Unicorn-61867.exe
2888	Unicorn-62511.exe
2740	Unicorn-22225.exe
2768	Unicorn-46367.exe
2780	Unicorn-3179.exe
2672	Unicorn-5500.exe
1732	Unicorn-63616.exe
2884	Unicorn-10160.exe
804	Unicorn-51769.exe
3036	Unicorn-10736.exe
2676	Unicorn-4606.exe
2960	Unicorn-9895.exe
2972	Unicorn-55832.exe
2552	Unicorn-20140.exe
380	Unicorn-16802.exe
2088	Unicorn-36668.exe
1728	Unicorn-30153.exe
108	Unicorn-3611.exe
628	Unicorn-3611.exe
2588	Unicorn-37954.exe
996	Unicorn-9366.exe
1760	Unicorn-42038.exe
1976	Unicorn-61904.exe
1384	Unicorn-49652.exe
396	Unicorn-29232.exe
2244	Unicorn-15641.exe
2196	Unicorn-51882.exe
2360	Unicorn-24572.exe
2164	Unicorn-44727.exe
1768	Unicorn-8702.exe
1576	Unicorn-534.exe
2264	Unicorn-30283.exe
2576	Unicorn-58650.exe
3044	Unicorn-11909.exe
2756	Unicorn-50373.exe
2796	Unicorn-29398.exe
2068	Unicorn-29952.exe
2904	Unicorn-17146.exe
3056	Unicorn-4872.exe
2644	Unicorn-61878.exe
2372	Unicorn-45277.exe
2336	Unicorn-5469.exe
1796	Unicorn-30166.exe
1780	Unicorn-29901.exe
2936	Unicorn-42418.exe
1984	Unicorn-60984.exe
2860	Unicorn-22744.exe
1928	Unicorn-50778.exe
2836	Unicorn-46694.exe
1104	Unicorn-5640.exe
2076	Unicorn-54286.exe
1696	Unicorn-54286.exe
884	Unicorn-48156.exe
604	Unicorn-5832.exe
1988	Unicorn-49632.exe
1496	Unicorn-58562.exe
2268	Unicorn-21697.exe
2168	Unicorn-15566.exe
1540	Unicorn-43356.exe
1392	Unicorn-37756.exe
1708	Unicorn-17229.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2392	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	30
PID 2156 wrote to memory of 2392	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	30
PID 2156 wrote to memory of 2392	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	30
PID 2156 wrote to memory of 2392	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	30
PID 2392 wrote to memory of 2568	2392	Unicorn-48209.exe	31
PID 2392 wrote to memory of 2568	2392	Unicorn-48209.exe	31
PID 2392 wrote to memory of 2568	2392	Unicorn-48209.exe	31
PID 2392 wrote to memory of 2568	2392	Unicorn-48209.exe	31
PID 2156 wrote to memory of 2376	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	32
PID 2156 wrote to memory of 2376	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	32
PID 2156 wrote to memory of 2376	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	32
PID 2156 wrote to memory of 2376	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	32
PID 2568 wrote to memory of 2888	2568	Unicorn-3751.exe	33
PID 2568 wrote to memory of 2888	2568	Unicorn-3751.exe	33
PID 2568 wrote to memory of 2888	2568	Unicorn-3751.exe	33
PID 2568 wrote to memory of 2888	2568	Unicorn-3751.exe	33
PID 2392 wrote to memory of 2740	2392	Unicorn-48209.exe	34
PID 2392 wrote to memory of 2740	2392	Unicorn-48209.exe	34
PID 2392 wrote to memory of 2740	2392	Unicorn-48209.exe	34
PID 2392 wrote to memory of 2740	2392	Unicorn-48209.exe	34
PID 2376 wrote to memory of 2768	2376	Unicorn-61867.exe	35
PID 2376 wrote to memory of 2768	2376	Unicorn-61867.exe	35
PID 2376 wrote to memory of 2768	2376	Unicorn-61867.exe	35
PID 2376 wrote to memory of 2768	2376	Unicorn-61867.exe	35
PID 2156 wrote to memory of 2780	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	36
PID 2156 wrote to memory of 2780	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	36
PID 2156 wrote to memory of 2780	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	36
PID 2156 wrote to memory of 2780	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	36
PID 2888 wrote to memory of 2672	2888	Unicorn-62511.exe	37
PID 2888 wrote to memory of 2672	2888	Unicorn-62511.exe	37
PID 2888 wrote to memory of 2672	2888	Unicorn-62511.exe	37
PID 2888 wrote to memory of 2672	2888	Unicorn-62511.exe	37
PID 2568 wrote to memory of 1732	2568	Unicorn-3751.exe	38
PID 2568 wrote to memory of 1732	2568	Unicorn-3751.exe	38
PID 2568 wrote to memory of 1732	2568	Unicorn-3751.exe	38
PID 2568 wrote to memory of 1732	2568	Unicorn-3751.exe	38
PID 2740 wrote to memory of 804	2740	Unicorn-22225.exe	39
PID 2740 wrote to memory of 804	2740	Unicorn-22225.exe	39
PID 2740 wrote to memory of 804	2740	Unicorn-22225.exe	39
PID 2740 wrote to memory of 804	2740	Unicorn-22225.exe	39
PID 2768 wrote to memory of 3036	2768	Unicorn-46367.exe	40
PID 2768 wrote to memory of 3036	2768	Unicorn-46367.exe	40
PID 2768 wrote to memory of 3036	2768	Unicorn-46367.exe	40
PID 2768 wrote to memory of 3036	2768	Unicorn-46367.exe	40
PID 2392 wrote to memory of 2676	2392	Unicorn-48209.exe	41
PID 2392 wrote to memory of 2676	2392	Unicorn-48209.exe	41
PID 2392 wrote to memory of 2676	2392	Unicorn-48209.exe	41
PID 2392 wrote to memory of 2676	2392	Unicorn-48209.exe	41
PID 2780 wrote to memory of 2884	2780	Unicorn-3179.exe	42
PID 2780 wrote to memory of 2884	2780	Unicorn-3179.exe	42
PID 2780 wrote to memory of 2884	2780	Unicorn-3179.exe	42
PID 2780 wrote to memory of 2884	2780	Unicorn-3179.exe	42
PID 2156 wrote to memory of 2960	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	43
PID 2156 wrote to memory of 2960	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	43
PID 2156 wrote to memory of 2960	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	43
PID 2156 wrote to memory of 2960	2156	b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe	43
PID 2376 wrote to memory of 2972	2376	Unicorn-61867.exe	44
PID 2376 wrote to memory of 2972	2376	Unicorn-61867.exe	44
PID 2376 wrote to memory of 2972	2376	Unicorn-61867.exe	44
PID 2376 wrote to memory of 2972	2376	Unicorn-61867.exe	44
PID 2672 wrote to memory of 2552	2672	Unicorn-5500.exe	45
PID 2672 wrote to memory of 2552	2672	Unicorn-5500.exe	45
PID 2672 wrote to memory of 2552	2672	Unicorn-5500.exe	45
PID 2672 wrote to memory of 2552	2672	Unicorn-5500.exe	45

C:\Users\Admin\AppData\Local\Temp\b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe
"C:\Users\Admin\AppData\Local\Temp\b1a484f675ba26e4ab155480414c91a69dae9e3e724909d4782edb61b49da5f5N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56136.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54476.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        6⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        6⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        6⤵
        Executes dropped EXE
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        7⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 188
        8⤵
        Program crash
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        6⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28582.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        5⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36623.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        5⤵
        
        PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        8⤵
        Program crash
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        7⤵
        Program crash
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        7⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        7⤵
        Program crash
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        6⤵
        
        PID:1152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        6⤵
        Program crash
        
        PID:1624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        5⤵
        Program crash
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        6⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59898.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48148.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        7⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        7⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27973.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        6⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        5⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        5⤵
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        6⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        6⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61577.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24572.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        6⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        5⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38149.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
      4⤵
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
      4⤵
      PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
      4⤵
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42442.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30888.exe
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
      4⤵
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42078.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
      4⤵
      PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25520.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
    3⤵
    PID:892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
    3⤵
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
    3⤵
    PID:5452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48679.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        5⤵
        
        PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
        6⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
        5⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32750.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      4⤵
      PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        6⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40409.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34720.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
      4⤵
      PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16823.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61182.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
      4⤵
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
      4⤵
      PID:5312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
    3⤵
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
    3⤵
    PID:5124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18428.exe
        6⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57098.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        6⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8420.exe
        6⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        5⤵
        
        PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
      4⤵
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        5⤵
        
        PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
      4⤵
      PID:6132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
    3⤵
    PID:5404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
      4⤵
      PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
      4⤵
      PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26360.exe
    3⤵
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
    3⤵
    PID:4196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
    3⤵
    PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
    3⤵
    PID:5176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
    3⤵
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
      4⤵
      PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
    3⤵
    PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
    3⤵
    PID:5624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
  2⤵
  PID:1588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
  2⤵
  PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
  2⤵
  PID:3168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
  2⤵
  PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe

Filesize
468KB

MD5
6c535519c989c78c5ed32a5cb19377c0

SHA1
3fac6f63c8c08194cc8cf76c0c3a4d76ce177a09

SHA256
ff92a2d3035d7233a01ced60d6dfe2805023cf8880418a0ab98bf8a5557f797c

SHA512
97c5960498349ae32597622aeb691cbdc66dd3accd51d0b3858b575321da3598da9f2dd1bf1216c02242d1c60cd13f41357e497050126bb565b6793d490490f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe

Filesize
468KB

MD5
346abdf09260fb99b1d4bef5d585d8d1

SHA1
2827ab0b477aee136589f59dedf1f03212507404

SHA256
2f97bfca8942f4e3b425f0994d638889b31725b04c1307ae0f8e571a4121638b

SHA512
decc48757571c0949a0362d30e8d5fe085a4006ca29b05ad470e6c568f502847db3dc76db3c6397891fc57228b72ba8d86dd2ac4c0b9575e00a71c267c093c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe

Filesize
468KB

MD5
1058e9354ec4ad1b67e94300389eda1e

SHA1
789db8797e845bbf7cc4ea2b36c6dee663ea96ae

SHA256
472c7b61987f4d14be5d8534a47586b87fe83405d83db53b1145e24bd4f9703d

SHA512
3497b07507d9f44ea8719827d49e815930375807d4d34f3997e4179656d056fee6731e393c92017569a027d6825d5b5ccf1c5737d688a6fe2c84bcb52baa3e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe

Filesize
468KB

MD5
ec74bdce410a02c06621fa7295d3181c

SHA1
5a5f44936d68d2e5e35f27c3bdbd1f776f0b9739

SHA256
d719db680c728dbe69f761846894c5258d2b5af5326f90295fb41d891cfc2162

SHA512
3e6a120f4c42905a31491e93c0c92649935688edd8ea7b660e00ee998460c2e010ca502406ab4558e8e598185522913398d4c229c14da95c6d566a8a345d607c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe

Filesize
468KB

MD5
e99a7ffd3bb2d5e12a06b00bc6f28ae6

SHA1
6aedcc8a817ed42008f7522d12d8161850b88fe9

SHA256
d5f75f809fa05486ae1533ce2607921fccbf29f6d1fd21015046cb14c262f06a

SHA512
c95b32a838169a30d336871b51ef517583c5a81b0f293efce4427677901c0b25284bfc4d98f8e0b61d311329aeb63d5e03df8b003906e03f0a190844a54e12dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe

Filesize
468KB

MD5
1fe1dd79fb33778cd388cebb97f68acf

SHA1
70c06d4a949086e6a7faed7ae615f4728794312d

SHA256
d1ec0863c48d317e5f8c02de8c850bd257a5130fa3fbb5b7eb025377faa998ee

SHA512
ca0f7da9adc58e2b390caa2940775f722cea661d4191e0efe40fcf02eb14e970b5ae3072f3f0e2d801148d9c73e65ba6678955fbdb686a750806497af44f0d1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe

Filesize
468KB

MD5
67f17febc86d8e2b53e4dd90dc733b29

SHA1
0b46db34d36afd2ba05566f2e67676c3978a42d6

SHA256
724be682603d820150c958df477ca64494a03e8ae3e363755477e1e85573848d

SHA512
b54e4f6ce134e50bbf716e61ec66a307b9020076c82e951d76c705c7184deea0fcaafaa2457ea54708a0532ae1c90700125f3eaa70bea8a851da40b3941c16c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe

Filesize
468KB

MD5
15b637629fd2643f6c73014e327b4850

SHA1
c04cf96f245642658e3548dab7980a3a1affbd3c

SHA256
88eb59e9eef9b46601a9ff1952d8f1f9b1965643049ea680b2fae2ad0a9b5083

SHA512
eeb012d7400c39b91debe9581f18f0f226be8883c633a3a6251eb46af7c99ae5dd7e31bfd2d56d43d92a4623c1b3609fdba5d087e1cb74cb86c5b30e6be869c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe

Filesize
468KB

MD5
4bf2be013be862152b467a7ff6026b52

SHA1
93b82c47b80a5a4b3c309bab44bcff4888bb95b1

SHA256
20f6ba57a30b63e26c6da8612a5252f8170f31f18b859e9bac51af254d69fef5

SHA512
1e6247dfb84d7e5e02139dd7a4f80dabc3a097e79b7edff8a5b62953944db2836c3f63698ec945c840bc48735e57be3861d49f8d071d3cfa7ff158b9e0f05a4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe

Filesize
468KB

MD5
c5b9a269fe6eb9146fb265c45c0da391

SHA1
c97047fdb29552d2407dc96e11c6aa2c6ce02a96

SHA256
6e62a8b312aa9cf0687fc0dca698fcd32dd0e32714fd4c7e6331714e23daf1de

SHA512
464c0f4218301a04af2b871f675d7bae02af1906f6e86457c4a16a4a8ac91a721adc7821cfb875cbd56e7922a2df89c1c3986db49d1089298ed9d8c59428e9b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe

Filesize
468KB

MD5
83784773d2ce8e8464f97265ee796403

SHA1
f64cf57aa1a04a266edddc2b32c94183e21b1f4b

SHA256
d828a0ec9f10d6609cc3a4c8b236d0989af61a49405b8298902df13f65f629bc

SHA512
96acba32e7c443be86a64c59636ac43c84598c116171c9499c0e13cb0841a62b30d3a83b940937b42c02023eb6aea2588feb1998ad906484454d08e21a951a04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe

Filesize
468KB

MD5
92a789e59d6578206e40cae2be3478bd

SHA1
8d317b5975a4455710c1c87d8d8dc1f144e85045

SHA256
9a1bdab219111b2dcb09094c41fc37d0c7f30eb348c67cff2a53e09e81dd1676

SHA512
4702c5ecd4a5d63f0a1798856584595fced015e714451108248b2cf7e5248aaf560111f62165c07e0f9c59823f07d38bb6d117d4e67a1abe1dc79cfc1e59aa6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe

Filesize
468KB

MD5
b15ad48e847f042d220435006e99ebde

SHA1
f89229d74492b544f32067dcddeed5e73cfe247d

SHA256
d244e183bce32de8c0598043d51406cef7a5ae16a110d47f05138e5e54da40c9

SHA512
b0ff8249ab7b4b3415a4b0fd663b93e23017318ef51b742776378057f69f584e61325acca5bb0737c44240b17c890905dc6b204d59fe01a0dd9d68cf72e988a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4606.exe

Filesize
468KB

MD5
dee98ab177f35613b4ad25fccf08d8d2

SHA1
db60d7e12b18702aa96871470e2e930b6e870aba

SHA256
e8b108f2f0e312954febe77d61e8c41cc96110b6cf7d4580036191a39440c717

SHA512
bdc242b1a8137a29feea9ebb4cc6d85e442b2c8ae10065681f7ba926cb64154dde4ac3d2d6691a6d657b5df4304b05e1fbc22dbdcce238eb2b2c11df3506a065

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe

Filesize
468KB

MD5
52ab8e5681c4ab785506f2c6ff71cc13

SHA1
b6376a5a869101b3ffedc70219962b30b0d124af

SHA256
50a37211001ca70c1741cb331c1068eac594b221f48a1963b7417e2079247fdb

SHA512
a50c028f7df51fcf9e480491f98e5871ab3da64151f25b562ba3eedff368d0acab4b7d2c96ad0b90e615cca2577bebeb5bafa0e6c1c2887638fca25ba5435a37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe

Filesize
468KB

MD5
116d94c8ad2fff7c68e9c8cf5d5f215b

SHA1
79158ff296507e9615d1b1b082eff4fe0ec4b455

SHA256
a9e1d7bce36f4beeba5b0dd445d05680d187f6e4f239afce6d54c11489c62b57

SHA512
e4a40cf5c97c024ca6f6320937d320f2773e723954428c7b5292b5bb18bd229a5d09fe27dd949d336766dee259c3519e0b0936642e2c28a2e47d7a97bcae8d08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe

Filesize
468KB

MD5
012405e4faeee01f90a952ae62b15e36

SHA1
5b3843239fb0140ed1d02c53e947d58b2bc85e8d

SHA256
54d609677c01b823c48330cf7a64d3ce22f8bc85ffbc5ed9f886516b92fa373b

SHA512
952a44a27ffad734a412a492a3029e1a27ac9936c33f0f113f8e40b6c48ef00a8fc7621209c872b4a621d0311d4a3a3a0bff692e0da577c064163b9a76d460a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe

Filesize
468KB

MD5
80fe701ae6708d7182941d8c96b8b386

SHA1
12a0f4cf86f50611ab9b1c0e449a0a6656ab95da

SHA256
2a6445494b22005635ff1d3db7c045f4306a06c5dbcdc7930c566b2921fe6a9d

SHA512
6641b57245f8d550ecc27b21a419f601bf7a01c7f07b1fcc6bcd00e0c9f4ed6c9aa465c0c2090641ec202d162cde9eaf766d7cbef22abf3c00d6bf38864f9854

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe

Filesize
468KB

MD5
cc0de4de2fd4da798d3f3c2233d8e932

SHA1
28972f9f23bc34b565740195d9dfee6063093e5e

SHA256
1209faae8fb6e31323c38f23805bd63d9be94ab5b4a4d014c7de9dbeab8cfebd

SHA512
8acb75b57e6f61ed6977a2ac5e75b13d81b9a41d6ecb5f6f3eecfcc89b327742f0fc5b07eec08eb6bf56b162208c069ebff1ba139788d1da127129bbdd20698a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62511.exe

Filesize
468KB

MD5
574d1618686b3cc1ab5fa2820c8ff409

SHA1
34473870b8d85971bf96fcc2614c5dcf58ff8b19

SHA256
999370f9280c293364f0437d5336bfe6f27be764df28f83f73d1ec82e9873672

SHA512
540aaaf0a7689944338e89e973d0df7e6761b0964e40af4c6c5154d05a077660114046bfa66fe516091e9c406fd268c38ad47ffef85fcfd7d4909342ba4666ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe

Filesize
468KB

MD5
43ee9da78f89759231145d7b8559ffaf

SHA1
6761c740da78927dc1e8f1b5011a8a4597d67956

SHA256
e85f91d184907b8cbebc64212f8184a800968191e959e36cdfe0e9bc8755d995

SHA512
6b7cde68d79ae3b683fa417617ddf368d92c0186e3c9f6d8656321c91d59226337f7fbea00bc15f447129af28369903b777118456df6d75c1d304d07aaef17d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe

Filesize
468KB

MD5
404c1892abf782349f58f72d8875ae9a

SHA1
78991372fd8a1f425b2ea1a5a2970ec05c663a96

SHA256
bc29d7293114d9497548a8952424c16a35f29b042de680bf5a944ce331a3b394

SHA512
c39449f13bc3409c50f2902941620822946f8edaf81376daf73ff9f76a29cee0d98f3eddda66595226a3909fc167086d4f6918bd229872a3c06d339d3c67c7d7

Download Submit