91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
Size

192KB
MD5

90d878edc30bef132e1758ff203d124e
SHA1

259cb6af150c33a81eafe63e4326cd3858f7f267
SHA256

91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0
SHA512

be615fdd6458799e768f30bdb77db48964115c7974513d3b60b09bd98439b5364355f745d26bb4241f6169486da9d344ce9f74e84f560796fbe427db3a02a341
SSDEEP

3072:ych7oPoykywQnOjG8dEFsJkLfhUzMyefeKYJxE/m5lHtpFlg:ycBoS3Qn586FsJFR0Cj5lHtpF+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1816	Unicorn-27749.exe
2180	Unicorn-65190.exe
2388	Unicorn-46586.exe
2852	Unicorn-55572.exe
2824	Unicorn-18493.exe
2860	Unicorn-38359.exe
2540	Unicorn-7684.exe
1288	Unicorn-57077.exe
2360	Unicorn-13351.exe
1684	Unicorn-59023.exe
1636	Unicorn-27611.exe
1176	Unicorn-64825.exe
1820	Unicorn-61981.exe
2712	Unicorn-15734.exe
2092	Unicorn-15926.exe
2080	Unicorn-61597.exe
1480	Unicorn-658.exe
1300	Unicorn-658.exe
2952	Unicorn-64778.exe
2040	Unicorn-5910.exe
1512	Unicorn-1997.exe
1544	Unicorn-22548.exe
1856	Unicorn-25428.exe
752	Unicorn-4986.exe
2228	Unicorn-41380.exe
1144	Unicorn-7747.exe
1560	Unicorn-37082.exe
984	Unicorn-10435.exe
2496	Unicorn-23434.exe
2320	Unicorn-10627.exe
1608	Unicorn-27457.exe
2176	Unicorn-7591.exe
1304	Unicorn-56616.exe
2656	Unicorn-39896.exe
2848	Unicorn-36942.exe
2564	Unicorn-9911.exe
2936	Unicorn-22910.exe
532	Unicorn-42392.exe
2532	Unicorn-23595.exe
2776	Unicorn-38971.exe
1532	Unicorn-58837.exe
2232	Unicorn-42501.exe
2780	Unicorn-33202.exe
1860	Unicorn-62153.exe
2764	Unicorn-47929.exe
1956	Unicorn-2257.exe
1052	Unicorn-32277.exe
2912	Unicorn-2065.exe
2928	Unicorn-15557.exe
1764	Unicorn-58155.exe
1696	Unicorn-5233.exe
2392	Unicorn-11450.exe
1716	Unicorn-43931.exe
748	Unicorn-43931.exe
1672	Unicorn-55285.exe
1932	Unicorn-28254.exe
2308	Unicorn-61310.exe
3052	Unicorn-57205.exe
1252	Unicorn-40484.exe
880	Unicorn-57013.exe
1600	Unicorn-42753.exe
1604	Unicorn-62296.exe
1736	Unicorn-48913.exe
2060	Unicorn-48913.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
1816	Unicorn-27749.exe
1816	Unicorn-27749.exe
1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
2180	Unicorn-65190.exe
2180	Unicorn-65190.exe
1816	Unicorn-27749.exe
1816	Unicorn-27749.exe
2388	Unicorn-46586.exe
2388	Unicorn-46586.exe
2824	Unicorn-18493.exe
2824	Unicorn-18493.exe
2852	Unicorn-55572.exe
2852	Unicorn-55572.exe
2860	Unicorn-38359.exe
2860	Unicorn-38359.exe
2180	Unicorn-65190.exe
2180	Unicorn-65190.exe
2388	Unicorn-46586.exe
2388	Unicorn-46586.exe
2540	Unicorn-7684.exe
2540	Unicorn-7684.exe
2824	Unicorn-18493.exe
2824	Unicorn-18493.exe
2360	Unicorn-13351.exe
2360	Unicorn-13351.exe
1684	Unicorn-59023.exe
1684	Unicorn-59023.exe
2860	Unicorn-38359.exe
2860	Unicorn-38359.exe
1636	Unicorn-27611.exe
1288	Unicorn-57077.exe
1636	Unicorn-27611.exe
1288	Unicorn-57077.exe
2852	Unicorn-55572.exe
2852	Unicorn-55572.exe
1176	Unicorn-64825.exe
1176	Unicorn-64825.exe
2540	Unicorn-7684.exe
2540	Unicorn-7684.exe
1820	Unicorn-61981.exe
1820	Unicorn-61981.exe
1480	Unicorn-658.exe
1480	Unicorn-658.exe
1288	Unicorn-57077.exe
1288	Unicorn-57077.exe
1300	Unicorn-658.exe
1300	Unicorn-658.exe
2952	Unicorn-64778.exe
2952	Unicorn-64778.exe
1636	Unicorn-27611.exe
1636	Unicorn-27611.exe
2712	Unicorn-15734.exe
2712	Unicorn-15734.exe
2360	Unicorn-13351.exe
2360	Unicorn-13351.exe
2092	Unicorn-15926.exe
2092	Unicorn-15926.exe
2080	Unicorn-61597.exe
2080	Unicorn-61597.exe
1684	Unicorn-59023.exe
1684	Unicorn-59023.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
376	1052	WerFault.exe	78
1764	1736	WerFault.exe	94
1604	2060	WerFault.exe	95
1512	2460	WerFault.exe	141
1828	2980	WerFault.exe	170
2232	888	WerFault.exe	174
2000	1696	WerFault.exe	181
2056	960	WerFault.exe	204
2616	2404	WerFault.exe	202
2708	1572	WerFault.exe	215
2652	1564	WerFault.exe	258
2904	2524	WerFault.exe	308
1856	2884	WerFault.exe	324

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59023.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
1816	Unicorn-27749.exe
2180	Unicorn-65190.exe
2388	Unicorn-46586.exe
2852	Unicorn-55572.exe
2824	Unicorn-18493.exe
2860	Unicorn-38359.exe
2540	Unicorn-7684.exe
1288	Unicorn-57077.exe
2360	Unicorn-13351.exe
1684	Unicorn-59023.exe
1636	Unicorn-27611.exe
1176	Unicorn-64825.exe
1820	Unicorn-61981.exe
2712	Unicorn-15734.exe
1480	Unicorn-658.exe
2092	Unicorn-15926.exe
2080	Unicorn-61597.exe
1300	Unicorn-658.exe
2952	Unicorn-64778.exe
2040	Unicorn-5910.exe
1512	Unicorn-1997.exe
1544	Unicorn-22548.exe
1856	Unicorn-25428.exe
752	Unicorn-4986.exe
2228	Unicorn-41380.exe
1560	Unicorn-37082.exe
1144	Unicorn-7747.exe
984	Unicorn-10435.exe
2496	Unicorn-23434.exe
1608	Unicorn-27457.exe
2176	Unicorn-7591.exe
2656	Unicorn-39896.exe
1304	Unicorn-56616.exe
2848	Unicorn-36942.exe
2564	Unicorn-9911.exe
2936	Unicorn-22910.exe
532	Unicorn-42392.exe
2532	Unicorn-23595.exe
2776	Unicorn-38971.exe
1532	Unicorn-58837.exe
2232	Unicorn-42501.exe
2780	Unicorn-33202.exe
960	Unicorn-33010.exe
1860	Unicorn-62153.exe
1956	Unicorn-2257.exe
1052	Unicorn-32277.exe
2764	Unicorn-47929.exe
2912	Unicorn-2065.exe
2928	Unicorn-15557.exe
1764	Unicorn-58155.exe
1696	Unicorn-5233.exe
2392	Unicorn-11450.exe
1716	Unicorn-43931.exe
748	Unicorn-43931.exe
1672	Unicorn-55285.exe
1932	Unicorn-28254.exe
2308	Unicorn-61310.exe
3052	Unicorn-57205.exe
880	Unicorn-57013.exe
1252	Unicorn-40484.exe
1604	Unicorn-62296.exe
1600	Unicorn-42753.exe
2060	Unicorn-48913.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1816	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	31
PID 1976 wrote to memory of 1816	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	31
PID 1976 wrote to memory of 1816	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	31
PID 1976 wrote to memory of 1816	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	31
PID 1816 wrote to memory of 2180	1816	Unicorn-27749.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-27749.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-27749.exe	32
PID 1816 wrote to memory of 2180	1816	Unicorn-27749.exe	32
PID 1976 wrote to memory of 2388	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	33
PID 1976 wrote to memory of 2388	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	33
PID 1976 wrote to memory of 2388	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	33
PID 1976 wrote to memory of 2388	1976	91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe	33
PID 2180 wrote to memory of 2852	2180	Unicorn-65190.exe	34
PID 2180 wrote to memory of 2852	2180	Unicorn-65190.exe	34
PID 2180 wrote to memory of 2852	2180	Unicorn-65190.exe	34
PID 2180 wrote to memory of 2852	2180	Unicorn-65190.exe	34
PID 1816 wrote to memory of 2824	1816	Unicorn-27749.exe	35
PID 1816 wrote to memory of 2824	1816	Unicorn-27749.exe	35
PID 1816 wrote to memory of 2824	1816	Unicorn-27749.exe	35
PID 1816 wrote to memory of 2824	1816	Unicorn-27749.exe	35
PID 2388 wrote to memory of 2860	2388	Unicorn-46586.exe	36
PID 2388 wrote to memory of 2860	2388	Unicorn-46586.exe	36
PID 2388 wrote to memory of 2860	2388	Unicorn-46586.exe	36
PID 2388 wrote to memory of 2860	2388	Unicorn-46586.exe	36
PID 2824 wrote to memory of 2540	2824	Unicorn-18493.exe	37
PID 2824 wrote to memory of 2540	2824	Unicorn-18493.exe	37
PID 2824 wrote to memory of 2540	2824	Unicorn-18493.exe	37
PID 2824 wrote to memory of 2540	2824	Unicorn-18493.exe	37
PID 2852 wrote to memory of 1288	2852	Unicorn-55572.exe	38
PID 2852 wrote to memory of 1288	2852	Unicorn-55572.exe	38
PID 2852 wrote to memory of 1288	2852	Unicorn-55572.exe	38
PID 2852 wrote to memory of 1288	2852	Unicorn-55572.exe	38
PID 2860 wrote to memory of 2360	2860	Unicorn-38359.exe	39
PID 2860 wrote to memory of 2360	2860	Unicorn-38359.exe	39
PID 2860 wrote to memory of 2360	2860	Unicorn-38359.exe	39
PID 2860 wrote to memory of 2360	2860	Unicorn-38359.exe	39
PID 2180 wrote to memory of 1684	2180	Unicorn-65190.exe	40
PID 2180 wrote to memory of 1684	2180	Unicorn-65190.exe	40
PID 2180 wrote to memory of 1684	2180	Unicorn-65190.exe	40
PID 2180 wrote to memory of 1684	2180	Unicorn-65190.exe	40
PID 2388 wrote to memory of 1636	2388	Unicorn-46586.exe	41
PID 2388 wrote to memory of 1636	2388	Unicorn-46586.exe	41
PID 2388 wrote to memory of 1636	2388	Unicorn-46586.exe	41
PID 2388 wrote to memory of 1636	2388	Unicorn-46586.exe	41
PID 2540 wrote to memory of 1176	2540	Unicorn-7684.exe	42
PID 2540 wrote to memory of 1176	2540	Unicorn-7684.exe	42
PID 2540 wrote to memory of 1176	2540	Unicorn-7684.exe	42
PID 2540 wrote to memory of 1176	2540	Unicorn-7684.exe	42
PID 2824 wrote to memory of 1820	2824	Unicorn-18493.exe	43
PID 2824 wrote to memory of 1820	2824	Unicorn-18493.exe	43
PID 2824 wrote to memory of 1820	2824	Unicorn-18493.exe	43
PID 2824 wrote to memory of 1820	2824	Unicorn-18493.exe	43
PID 2360 wrote to memory of 2712	2360	Unicorn-13351.exe	44
PID 2360 wrote to memory of 2712	2360	Unicorn-13351.exe	44
PID 2360 wrote to memory of 2712	2360	Unicorn-13351.exe	44
PID 2360 wrote to memory of 2712	2360	Unicorn-13351.exe	44
PID 1684 wrote to memory of 2092	1684	Unicorn-59023.exe	45
PID 1684 wrote to memory of 2092	1684	Unicorn-59023.exe	45
PID 1684 wrote to memory of 2092	1684	Unicorn-59023.exe	45
PID 1684 wrote to memory of 2092	1684	Unicorn-59023.exe	45
PID 2860 wrote to memory of 2080	2860	Unicorn-38359.exe	46
PID 2860 wrote to memory of 2080	2860	Unicorn-38359.exe	46
PID 2860 wrote to memory of 2080	2860	Unicorn-38359.exe	46
PID 2860 wrote to memory of 2080	2860	Unicorn-38359.exe	46

C:\Users\Admin\AppData\Local\Temp\91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe
"C:\Users\Admin\AppData\Local\Temp\91091391f19d743e67c5c6d90e80ff98d3385bb1e8b765ac3d2fa8a6097b3fa0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        12⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        13⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        14⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        15⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        16⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        11⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28917.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        16⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        14⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        15⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        10⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4027.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        13⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        14⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        12⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        10⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        11⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        12⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
        13⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        14⤵
        Program crash
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15263.exe
        14⤵
        
        PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        6⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        10⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        12⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4580.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        9⤵
        
        PID:888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        10⤵
        Program crash
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        13⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        14⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34497.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44323.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        12⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        14⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47112.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        13⤵
        
        PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        12⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
        16⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        10⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31300.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        12⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59818.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59370.exe
        14⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        16⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        11⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14631.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
        12⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        15⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        10⤵
        Program crash
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7548.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54377.exe
        12⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        12⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        9⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        13⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        14⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        12⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        14⤵
        
        PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
        11⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44141.exe
        14⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        15⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        16⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
        11⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        15⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        11⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        13⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        14⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49257.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        13⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29976.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        10⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46859.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        15⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
        9⤵
        Program crash
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        7⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        8⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        10⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        12⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        14⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
        9⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
        10⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        11⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        14⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        12⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        12⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        13⤵
        
        PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60202.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        15⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        13⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        6⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37391.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        11⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        12⤵
        Program crash
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        11⤵
        Program crash
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        10⤵
        Program crash
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        9⤵
        Program crash
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        Program crash
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        7⤵
        Program crash
        
        PID:1764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        6⤵
        Program crash
        
        PID:376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        13⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        13⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        9⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        10⤵
        Program crash
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34102.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
        11⤵
        
        PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe

Filesize
192KB

MD5
c66c15e8d35f3e913460e56379a6c77d

SHA1
5af44606165420d870e685f1e28c3bd8fd019893

SHA256
afa77a43396c09150146fef4679d86b00f1dc59e917780d0a800a09f9d9d2360

SHA512
8ec199299a4ef4445d4f5647fed42fa92ebd2dd63c7f615f396ecf14d9a57548e6bcdf5bdc194b5b3edfe5ce329a0eaf9029548e36147acab875a340d4e25c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe

Filesize
192KB

MD5
aa449775be3ebb2de534074f339f6793

SHA1
e2479b9136b4c56eaae63019416b15000e330cc8

SHA256
288030b3122ebf964f971a9f99448709981adb2e173bf535baac6c4363ded3a4

SHA512
b48e36149f2988e7cc9a9d8ae5c218183122ac255887a5a34281fdd5f36e6f1cf8bf9d26e97b207ce1f4e84c7da6a06b12ec09a447515dfd29360561805d76c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40484.exe

Filesize
192KB

MD5
85d196b02340b8ed959aadf5eaef4493

SHA1
76b4f607f5076b48ad328c329a5182f987b0cc1c

SHA256
9e8e29f0860b4d0d6d1744b688af42abd1d31114e246fb7fd84f0b973fd9b587

SHA512
dca3f472585aba29d23ce63aa23e93beb2566572e1e3e8caeab8679f139a4e65d7df54bef241162fd1c476715fa618f49e5d2dd7cef437e23e9dac6bfdff06bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe

Filesize
192KB

MD5
ad047957457628b82986f5a700fa5787

SHA1
cbf7278ddb0d7a1fde20a1f2ac642f4e47747edc

SHA256
889d523f8a0826b58bdfd003809004318616130bd4b24f21166fc243b4f4cb2c

SHA512
17d66e2c2c16d20dfec8f771030ff267eb91ed8664392efe7ec3347bbeb428c28721e63df0c725d5c7ab7eb2711f01e5b390f759a5c9f8cf45463636cb5d6c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe

Filesize
192KB

MD5
b2aa2204acd59b1eab393adb87d5e241

SHA1
4486e2eb5fcf84dce8da0b7c2c80be2c7154fd9b

SHA256
8e09e6548839816092d07955d62737258528ba7f710731760656c517b0b6db9d

SHA512
c311885f231e2d12ef36981d61c684b2e361fe3591988e129226dd46b06998b3af065f87d8267d5746ff32a1f0a0e94e19278a6c1880a6ed0190f993a2fb9285

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe

Filesize
192KB

MD5
cb3d29f5b5034b05d40b45f13e69a799

SHA1
d92f75c2888dab9ceaa4ded1f9b48b5473ec2cd5

SHA256
fa515317a0b78230fdf352d6c61238977914c9267fc99e3d1065cb31d3d2345b

SHA512
d820007754cb8fb5e88be468b2f4e5ad98bc8f3780dc2ac6eee91137fde50bf2282b89791b954f64b459f97e6824d5cf192415df97863f9054de160309749d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe

Filesize
192KB

MD5
c3db481c7f6772e69992faf677d8159f

SHA1
e053db9138c863dd79829d55f341afd77498cf2e

SHA256
aa5323447ee3cd15eccbb0a2e7ffd51c5b3738308ba2a8b06be1c6299da852c8

SHA512
7d5ce1257ddfea51f885c8452876973cc7e6118b9b31ff1e37a4ff432a24e7038bc3e9ac7ee19e25c7f58f8891602649376008a28590a46e45d598c860c6252f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe

Filesize
192KB

MD5
c6e41f5b8c527802374c4e2908c83b8b

SHA1
6fb65511503eb7172c5f14cf6e41de2fe8e3a9b4

SHA256
1b559fdd9a1c473cb621dfa079237d43b2317e947edf00e4fd62f9828085bdde

SHA512
09f35739cbb2ffbcef53ada64a2453424dcc2e02e94cc19868ee04f990dbb7ec12be47dbbc49b042d0da1f5d70f9191ad76044e6699d706ac5ed3c70761689df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe

Filesize
192KB

MD5
ae51a6e1e3f0b364ff184dc038cbb4cd

SHA1
00f5a378e581b254a027d7e25330a7e1f0dd1cea

SHA256
835f27949715e06041ab9f0f673b1463385c1be5058597096ffc64729922e257

SHA512
47701e892bc14045e3959215695ba2aaafc6e92138d9a0688774f43d67ce58ea70c6c69cd88be741ea95270c0d08b394bcb4a02fe299f835d19b25f7b655f4fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe

Filesize
192KB

MD5
67178c2301bb8279cc030564538f87ca

SHA1
27c2ab203df9e96ab8824fea0628884b6e478ab1

SHA256
b956fb52407f4606509b278e10c88690d8f0c6cca865510d55016302d3fdd5fd

SHA512
5c8004c4e49b216355cbce5bb67564d28797f48759b1b972ecd844ca9d104e13281e6799b355c4b7c317f3defbd42b350d12d5dbf0f429947334f10a99cdd87f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe

Filesize
192KB

MD5
858b1b78814f01274901814b389254cb

SHA1
5cb9a30686e17fe87f1127803ff64bead752a71f

SHA256
a0f7d11c36c447cc40ddc4f6fdcd12ad0a3763c4e54099d6f0a8fe99cb4bc7d3

SHA512
3acf1e5d6ddebde64703f81e05466b322fed3619548642c4120543d552f41f8e684a2217eaa620b71c111499ceed8a7b9bff72bb830f066b31ff9de4482ee288

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe

Filesize
192KB

MD5
ec8a0e685206ef8bae854b4e435d59c5

SHA1
0dcffb6aaddb7a09a74c173374760b4f386cd92c

SHA256
052a8869c288f93111327b7db3aa269e17f07b5a7a185e5ff02d8d170c3ffdfb

SHA512
c4fc7f21f6953e505fe63c6f2ea0810ba1a9f7fa297fa0cfbf09c96f3fb5a5c1708c329d58dfac53496502e47cc1a9c58e63f1845091bdc3c93a3c885dc252f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe

Filesize
192KB

MD5
2ee6b4f05f0bfa69e5ee2396b516a582

SHA1
443f446a12f4d7c47ea62fe8174b661bb770ba27

SHA256
f6e6441aa2bb9389fc982517c5eada98b3e384a2b975c31e1556c3359b25bbe8

SHA512
7d31df6edd18d9b3d5900df73eb4ec0c0a92e188472bd232d9a60654b8f2b5d12d15f90ed5258a349d07b760fbd959a6a5a0ea794edc5a8b188f127e01730e75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe

Filesize
192KB

MD5
a94bdaa1f36db2cc5055ffec13edbe60

SHA1
77ed0898bb67ac7447592890068470eb659c7946

SHA256
84d955007e9c2444bba10dae1f8d629dd9655f5bb2d6cd9930568186b3f760b7

SHA512
bedb14daf4a293eb6b31de6749c4e614e0f69f87b1070cbf32ebf88ba68e345c3115a214c5353f54b139c8d91a4e2a65fa2fe3aee6dbcef9da4d0ef620d082a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe

Filesize
192KB

MD5
399344b40d90d9839c157f6ed5c85a90

SHA1
59aaf75d94e7b850c720e968209174fe719c2f95

SHA256
abccde6020c63d9bbd65efe029fe2940838521406b09d1e91f0a39a6bdabb8de

SHA512
7feb0aecf4c247fe71560a2bbdc9c35bc0a447448e1a5310f434351d47d7b89322c46a3c706fc2e5762255d4a99511153374bd5b00ff6b00713e2b81252dafd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe

Filesize
192KB

MD5
80c80d9e849ff74c480aee3402685cb1

SHA1
8f9ab4392319af78bfd76f20f98e3eeea044c5dc

SHA256
1d4f73da8a37b79cc8b62a8502339831ca111566099175e00bc7bb05336f6c7e

SHA512
9f8b7683f950de7f2b96707ab011bd031c359c7e208015fc40612a47cc3eac2f281372b7b1fff29c52ff2601b7a2d9cc4e0300eec974cd38dfc06fe9a1322b63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe

Filesize
192KB

MD5
465b2236da1b7b6a0586a65f2ea3bb54

SHA1
687e2c93ac09ac0a59677a1b4d7644ad1862b668

SHA256
23023c73f77cc0eebda5bb0117a2303ce60fd8de401857f8b9da76bc2f7791b9

SHA512
f2657e1f2e3654f852310e84e3dae384f8f8b89109fd5530a0ef1205146234a0fa5220252490a8c85321095973581a2aa25c6fe8127eb8f21fe40fcb5901bffd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe

Filesize
192KB

MD5
9b91c3ebe0f8b9d771ee4dbc3dab1da0

SHA1
d002d04358772575ec58758692a881d1107d3460

SHA256
e969c1c610a5f324f8ad5e3441af1ef523dcef9c097ac1e0d012596c8026b6d6

SHA512
de63376516c24ed51a30b5be9c5d4aeaf5302612d721597ab4a7a55dc95f39e9f9304b9fffecc5fa6a20d5f9392bccafb26ff0beb619844a00a7aab5031db40e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe

Filesize
192KB

MD5
61d6c562b9a884df1495a585baf331fb

SHA1
7d0a9f641e68c505875784ebddf2a96d730a9d1f

SHA256
43b07dfccc6423b6822bdf453b99992c1c63ec03fbe7bd748536d950c6295047

SHA512
575d1f8085af59869265fce4c391466cd9288ba53d2ab5bbe85a0d053209eaaca73eeb0422a60eeaa3ee06ca3f154ee81701b60a4a8aa0af090a5dc9633f05ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe

Filesize
192KB

MD5
955e4f1cc2f7a2a791247caf335b144e

SHA1
2305effd664066eac0277d9ea627a9b12ac53327

SHA256
c2e9b0700fb0b88595eecc4d1499dd3441842ece83683ce6f8290bb843169661

SHA512
181ecf888688b9c44c1c725012c8dceee557aa16e96a78b131542a13c9f2aed51a0b5984849b567eefb3f763618121304fbae1a1056e33360e459d844a23a226

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe

Filesize
192KB

MD5
7c9edc4af630429e2db7596f9fad16e7

SHA1
2e4c513d829b2b61505839b6a36c3b790fcd3947

SHA256
8e11cab538710be3fec41f547396b9617c5ede1830d8c71fc56506e2094ba005

SHA512
e3131bb9c70c17306436e71599c5ab3cd7be67c74828171aa8a219febd441e6155786f11dc0272acea15b4a0279d32c3880352e67d361f21192e0a1e1a85b715

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe

Filesize
192KB

MD5
6e6174a16d94d21ecff96987e95f7029

SHA1
7d79057c534e63f1e890911068a099754ce6b5d4

SHA256
f340e674e409cd4a703e1ba5ffdc0542d68cfb28b590f35f28c5538581cbb24e

SHA512
8e837bba09e6fd7fd1b7308ea2fc4056d35f8fdce9662beaeed9c176e78857be3b50557124721324f3c309a458c0b4ad53daa1a316b255e490c5e92e7031b18f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe

Filesize
192KB

MD5
7273fbee5a4c70ef90a04e0035a4e10e

SHA1
ff252f92e35f0fa406748c5f08179163bbbc750b

SHA256
0cc4529e59fad6d2a3f369f5f8358fe1634725a05f9c26a03b7c9add2aaaad38

SHA512
81a02a34b06453cdb76ed9cd8cfb0a4b8cfc948a2e1ef1c0d808c292775e96970491c1e23f0655df2779a4bc36f0f7b8b9dba9fc860648f66179865f4bc2eed9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe

Filesize
192KB

MD5
ff94130f4041420f3d55c9f353b54823

SHA1
5d843c1956c0675c02afd52484f0d5094aeddb67

SHA256
f8b3e83ac8da8a62cad943d81c29bd32f8bbbf79d9fe999f835cc53d06350b54

SHA512
09dc8f794204e6755190c6f6749cfc8146e953fac3e8ac577af46db7dd222748ed87742e7e33cac0edc19ed20673670962c9aabfa6b0645a1ae7ea7681d1b43d

Download Submit