0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
Size

188KB
MD5

d542c29051252cca25ba1fa8cbce9c1d
SHA1

656a6ede7aa3c858b8eca15a20fab8148a4d3f31
SHA256

0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4
SHA512

72408cbdfdeb087233d33b4115789d9281fde4846baea22ebfcf8d839f2d5ea90de3a7829832996f12b1fcdf6b11f7b01566c17cbad9a459c82d6c6685449d90
SSDEEP

3072:xDqIoRtLON0oGVjeuY1Dl7ztcuPJY0piIxSGzGi8lv1pFJt:xDBouSoGcuoDl72Y068lv1pFb

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2228	Unicorn-1205.exe
2800	Unicorn-29405.exe
1916	Unicorn-17707.exe
2724	Unicorn-52259.exe
604	Unicorn-57474.exe
2888	Unicorn-11802.exe
2688	Unicorn-48206.exe
2836	Unicorn-3644.exe
1020	Unicorn-46006.exe
2004	Unicorn-48014.exe
2516	Unicorn-25948.exe
1700	Unicorn-40308.exe
1612	Unicorn-25403.exe
848	Unicorn-12596.exe
2656	Unicorn-13172.exe
2456	Unicorn-61989.exe
852	Unicorn-1283.exe
2976	Unicorn-21149.exe
1164	Unicorn-16659.exe
1720	Unicorn-60147.exe
1528	Unicorn-7609.exe
1384	Unicorn-36219.exe
2512	Unicorn-44387.exe
2368	Unicorn-48943.exe
688	Unicorn-36328.exe
560	Unicorn-57303.exe
1208	Unicorn-11631.exe
2484	Unicorn-36136.exe
1588	Unicorn-59415.exe
2084	Unicorn-38248.exe
2548	Unicorn-38056.exe
2532	Unicorn-10598.exe
2360	Unicorn-2389.exe
2896	Unicorn-63904.exe
2772	Unicorn-11133.exe
2728	Unicorn-34486.exe
2616	Unicorn-47485.exe
2692	Unicorn-1813.exe
584	Unicorn-38932.exe
2272	Unicorn-43038.exe
352	Unicorn-26702.exe
2404	Unicorn-47677.exe
2592	Unicorn-44766.exe
2044	Unicorn-25476.exe
2396	Unicorn-61486.exe
1608	Unicorn-45622.exe
816	Unicorn-8118.exe
1912	Unicorn-49727.exe
1440	Unicorn-49727.exe
2024	Unicorn-29669.exe
2940	Unicorn-51647.exe
668	Unicorn-47926.exe
2020	Unicorn-64989.exe
1816	Unicorn-32509.exe
1392	Unicorn-60692.exe
2288	Unicorn-47885.exe
2964	Unicorn-28019.exe
1068	Unicorn-11299.exe
2184	Unicorn-56437.exe
884	Unicorn-36571.exe
2168	Unicorn-39176.exe
2744	Unicorn-59042.exe
2760	Unicorn-51450.exe
2688	Unicorn-59426.exe

Loads dropped DLL 64 IoCs

pid	Process
2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
2228	Unicorn-1205.exe
2228	Unicorn-1205.exe
2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
2800	Unicorn-29405.exe
2800	Unicorn-29405.exe
2228	Unicorn-1205.exe
1916	Unicorn-17707.exe
2228	Unicorn-1205.exe
1916	Unicorn-17707.exe
2724	Unicorn-52259.exe
2724	Unicorn-52259.exe
2800	Unicorn-29405.exe
2800	Unicorn-29405.exe
604	Unicorn-57474.exe
604	Unicorn-57474.exe
2888	Unicorn-11802.exe
2888	Unicorn-11802.exe
1916	Unicorn-17707.exe
1916	Unicorn-17707.exe
2688	Unicorn-48206.exe
2688	Unicorn-48206.exe
2724	Unicorn-52259.exe
2724	Unicorn-52259.exe
2836	Unicorn-3644.exe
2836	Unicorn-3644.exe
2516	Unicorn-25948.exe
2516	Unicorn-25948.exe
1020	Unicorn-46006.exe
1020	Unicorn-46006.exe
2888	Unicorn-11802.exe
2888	Unicorn-11802.exe
2004	Unicorn-48014.exe
2004	Unicorn-48014.exe
604	Unicorn-57474.exe
604	Unicorn-57474.exe
1700	Unicorn-40308.exe
1700	Unicorn-40308.exe
2688	Unicorn-48206.exe
2688	Unicorn-48206.exe
848	Unicorn-12596.exe
848	Unicorn-12596.exe
1612	Unicorn-25403.exe
1612	Unicorn-25403.exe
2836	Unicorn-3644.exe
2836	Unicorn-3644.exe
2976	Unicorn-21149.exe
2976	Unicorn-21149.exe
2004	Unicorn-48014.exe
2656	Unicorn-13172.exe
2004	Unicorn-48014.exe
2656	Unicorn-13172.exe
1164	Unicorn-16659.exe
1164	Unicorn-16659.exe
2516	Unicorn-25948.exe
2516	Unicorn-25948.exe
852	Unicorn-1283.exe
852	Unicorn-1283.exe
2456	Unicorn-61989.exe
2456	Unicorn-61989.exe
1020	Unicorn-46006.exe
1020	Unicorn-46006.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2520	1644	WerFault.exe	121
2472	772	WerFault.exe	246

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32972.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7609.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
2228	Unicorn-1205.exe
2800	Unicorn-29405.exe
1916	Unicorn-17707.exe
2724	Unicorn-52259.exe
604	Unicorn-57474.exe
2888	Unicorn-11802.exe
2688	Unicorn-48206.exe
2836	Unicorn-3644.exe
1020	Unicorn-46006.exe
2004	Unicorn-48014.exe
2516	Unicorn-25948.exe
1700	Unicorn-40308.exe
1612	Unicorn-25403.exe
848	Unicorn-12596.exe
2456	Unicorn-61989.exe
2656	Unicorn-13172.exe
2976	Unicorn-21149.exe
852	Unicorn-1283.exe
1164	Unicorn-16659.exe
1720	Unicorn-60147.exe
1528	Unicorn-7609.exe
1384	Unicorn-36219.exe
2512	Unicorn-44387.exe
2368	Unicorn-48943.exe
688	Unicorn-36328.exe
1208	Unicorn-11631.exe
2484	Unicorn-36136.exe
560	Unicorn-57303.exe
1588	Unicorn-59415.exe
2084	Unicorn-38248.exe
2548	Unicorn-38056.exe
2532	Unicorn-10598.exe
2360	Unicorn-2389.exe
2896	Unicorn-63904.exe
2772	Unicorn-11133.exe
2728	Unicorn-34486.exe
2616	Unicorn-47485.exe
2692	Unicorn-1813.exe
584	Unicorn-38932.exe
2272	Unicorn-43038.exe
352	Unicorn-26702.exe
2404	Unicorn-47677.exe
2592	Unicorn-44766.exe
2044	Unicorn-25476.exe
2396	Unicorn-61486.exe
816	Unicorn-8118.exe
1440	Unicorn-49727.exe
1608	Unicorn-45622.exe
1912	Unicorn-49727.exe
2024	Unicorn-29669.exe
2940	Unicorn-51647.exe
668	Unicorn-47926.exe
2020	Unicorn-64989.exe
1816	Unicorn-32509.exe
2288	Unicorn-47885.exe
1392	Unicorn-60692.exe
2964	Unicorn-28019.exe
1068	Unicorn-11299.exe
884	Unicorn-36571.exe
2184	Unicorn-56437.exe
2168	Unicorn-39176.exe
2744	Unicorn-59042.exe
2760	Unicorn-51450.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2228	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	31
PID 2432 wrote to memory of 2228	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	31
PID 2432 wrote to memory of 2228	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	31
PID 2432 wrote to memory of 2228	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	31
PID 2228 wrote to memory of 2800	2228	Unicorn-1205.exe	32
PID 2228 wrote to memory of 2800	2228	Unicorn-1205.exe	32
PID 2228 wrote to memory of 2800	2228	Unicorn-1205.exe	32
PID 2228 wrote to memory of 2800	2228	Unicorn-1205.exe	32
PID 2432 wrote to memory of 1916	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	33
PID 2432 wrote to memory of 1916	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	33
PID 2432 wrote to memory of 1916	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	33
PID 2432 wrote to memory of 1916	2432	0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe	33
PID 2800 wrote to memory of 2724	2800	Unicorn-29405.exe	34
PID 2800 wrote to memory of 2724	2800	Unicorn-29405.exe	34
PID 2800 wrote to memory of 2724	2800	Unicorn-29405.exe	34
PID 2800 wrote to memory of 2724	2800	Unicorn-29405.exe	34
PID 2228 wrote to memory of 604	2228	Unicorn-1205.exe	35
PID 2228 wrote to memory of 604	2228	Unicorn-1205.exe	35
PID 2228 wrote to memory of 604	2228	Unicorn-1205.exe	35
PID 2228 wrote to memory of 604	2228	Unicorn-1205.exe	35
PID 1916 wrote to memory of 2888	1916	Unicorn-17707.exe	36
PID 1916 wrote to memory of 2888	1916	Unicorn-17707.exe	36
PID 1916 wrote to memory of 2888	1916	Unicorn-17707.exe	36
PID 1916 wrote to memory of 2888	1916	Unicorn-17707.exe	36
PID 2724 wrote to memory of 2688	2724	Unicorn-52259.exe	37
PID 2724 wrote to memory of 2688	2724	Unicorn-52259.exe	37
PID 2724 wrote to memory of 2688	2724	Unicorn-52259.exe	37
PID 2724 wrote to memory of 2688	2724	Unicorn-52259.exe	37
PID 2800 wrote to memory of 2836	2800	Unicorn-29405.exe	38
PID 2800 wrote to memory of 2836	2800	Unicorn-29405.exe	38
PID 2800 wrote to memory of 2836	2800	Unicorn-29405.exe	38
PID 2800 wrote to memory of 2836	2800	Unicorn-29405.exe	38
PID 604 wrote to memory of 2004	604	Unicorn-57474.exe	39
PID 604 wrote to memory of 2004	604	Unicorn-57474.exe	39
PID 604 wrote to memory of 2004	604	Unicorn-57474.exe	39
PID 604 wrote to memory of 2004	604	Unicorn-57474.exe	39
PID 2888 wrote to memory of 1020	2888	Unicorn-11802.exe	40
PID 2888 wrote to memory of 1020	2888	Unicorn-11802.exe	40
PID 2888 wrote to memory of 1020	2888	Unicorn-11802.exe	40
PID 2888 wrote to memory of 1020	2888	Unicorn-11802.exe	40
PID 1916 wrote to memory of 2516	1916	Unicorn-17707.exe	41
PID 1916 wrote to memory of 2516	1916	Unicorn-17707.exe	41
PID 1916 wrote to memory of 2516	1916	Unicorn-17707.exe	41
PID 1916 wrote to memory of 2516	1916	Unicorn-17707.exe	41
PID 2688 wrote to memory of 1700	2688	Unicorn-48206.exe	42
PID 2688 wrote to memory of 1700	2688	Unicorn-48206.exe	42
PID 2688 wrote to memory of 1700	2688	Unicorn-48206.exe	42
PID 2688 wrote to memory of 1700	2688	Unicorn-48206.exe	42
PID 2724 wrote to memory of 1612	2724	Unicorn-52259.exe	43
PID 2724 wrote to memory of 1612	2724	Unicorn-52259.exe	43
PID 2724 wrote to memory of 1612	2724	Unicorn-52259.exe	43
PID 2724 wrote to memory of 1612	2724	Unicorn-52259.exe	43
PID 2836 wrote to memory of 848	2836	Unicorn-3644.exe	44
PID 2836 wrote to memory of 848	2836	Unicorn-3644.exe	44
PID 2836 wrote to memory of 848	2836	Unicorn-3644.exe	44
PID 2836 wrote to memory of 848	2836	Unicorn-3644.exe	44
PID 2516 wrote to memory of 2656	2516	Unicorn-25948.exe	45
PID 2516 wrote to memory of 2656	2516	Unicorn-25948.exe	45
PID 2516 wrote to memory of 2656	2516	Unicorn-25948.exe	45
PID 2516 wrote to memory of 2656	2516	Unicorn-25948.exe	45
PID 1020 wrote to memory of 2456	1020	Unicorn-46006.exe	46
PID 1020 wrote to memory of 2456	1020	Unicorn-46006.exe	46
PID 1020 wrote to memory of 2456	1020	Unicorn-46006.exe	46
PID 1020 wrote to memory of 2456	1020	Unicorn-46006.exe	46

C:\Users\Admin\AppData\Local\Temp\0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe
"C:\Users\Admin\AppData\Local\Temp\0d41295f340b71ab289a29113660bc49d891559c07fc20ff39cd52ce765b67b4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        12⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45900.exe
        15⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        16⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        17⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        11⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21120.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        16⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30833.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        13⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        14⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        16⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        10⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        14⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2024.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        12⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        13⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        16⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        17⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        18⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        12⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        14⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        16⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        14⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        15⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
        12⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        13⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        16⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        12⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        14⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        15⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        16⤵
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        13⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        14⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        17⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        11⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        15⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        16⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47485.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24676.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22092.exe
        9⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        11⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33585.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63865.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        15⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        16⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
        17⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2934.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        11⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        12⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54412.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        15⤵
        
        PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        15⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64512.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        17⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        7⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        12⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        14⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
        15⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        11⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        13⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        14⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        12⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        15⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8550.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        13⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        14⤵
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        7⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        8⤵
        Program crash
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31666.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
        11⤵
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        12⤵
        Program crash
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        12⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57367.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        11⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        14⤵
        
        PID:2212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61230.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        11⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3741.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        15⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        16⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21881.exe
        16⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22180.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        12⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        15⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        16⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        11⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        12⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8892.exe
        13⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        14⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62330.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        7⤵
        Executes dropped EXE
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48194.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        14⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        16⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        13⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        14⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        15⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        11⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        13⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
        15⤵
        
        PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50689.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        12⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
        13⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        15⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        14⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        15⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        10⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
        7⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33770.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        10⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        13⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16604.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        16⤵
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        14⤵
        
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe

Filesize
188KB

MD5
c3b51aadebae7c4f45ba5f32374c5ade

SHA1
da3c45477d29989a9eafe863d549f1f71dfb7411

SHA256
7e130f7b4a9046858a45fe4ba1212a4faaf8d815819f376d70a8868a491dd946

SHA512
234f95b6878d4f9cacf4177f6137132c0b3277e3d22e0f0c0284600c940022634de343bff428be643e82e7d0854fd2ff8b2a2b0d20dbd918df261d7b6c1dfbe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe

Filesize
188KB

MD5
395fa7cf99e204c7b22c12d20b08d987

SHA1
ee09fc7cd7031a8945420b6992ab68b06dc5f993

SHA256
75672f32de31b247428c5139863b0fd83566af67d1d0ffe1fa55e132f6df2b17

SHA512
62d284013e4bbf89809742a6fa37babcacd64732b2b0cf1c42df8e4d55a268d2de9d6b9b3b399e48f15aed4fd953c62012271da0970694cd62386ee947612329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe

Filesize
188KB

MD5
97d2120428c5894f807269ff179418e6

SHA1
607b8a3150f016fa4f2c542bcc907796054a14ad

SHA256
46191e880f618816bd2c7e098459e3de27bf2ea9ed22f1196d8d9327b26d66c2

SHA512
adb30d9efc0bc94e89ec078820421f57a965702797a9653dd978f3eb7f4c9137d26b8da3460e952f657ef5299c27b8cce633b8b9e514516d8b672b09bed1b0ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11802.exe

Filesize
188KB

MD5
61dd7181d09626925eefbe71ab38c55e

SHA1
d4a503f76cedb5ef6167cc390d52db391de7018a

SHA256
0c24939b76e8f6af9946a9278a59539b5b00ced999c690d685ec02d9f3e95276

SHA512
0cd01be0d56c8c629b2d506971768a521ac3c742dda2a0d284e0e2376f6ee6497ad80e81aa90a462fc2fbcca0a9861ab15c1461baaa42d9cd641cca517a6ea72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe

Filesize
188KB

MD5
209efdf8d029ad2ec580013d17778ae4

SHA1
cdc7fdcd3a567e2e221e8deeb5c88bca646a1578

SHA256
9b36475b99babe21e00cb3b04b50f6a0f377dc4c976efe41e1381c59a99d8c17

SHA512
707e02afa1db19cc0a04fec7b2207bc5283227cda6f5da10862f2c28b0815e4938fdd98285a6d9ca972521642c878f18acda28901e69e046af65e04fba012459

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe

Filesize
188KB

MD5
710a2d5ed1c9fa859a74d4673e246aed

SHA1
9f5e134f1b1aea1b415f6a2ca4a7cee895bc0f98

SHA256
49df0dc532ddf952a00fee7a3c43eb14741e9ccc6fe16f6c93e297799891bff9

SHA512
602850c7d43881817c4dd5cbe1bd2b401a1834d7e1b076bc360b50973c9c7098d413066d35cd13aeb34396ec33948a2c635f6d8cf2f69fb3676c03fbbc315c8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe

Filesize
188KB

MD5
de56942bff45a74b3131b1c012b1605b

SHA1
90c819eb44f979e371e34e646144b590ab602b7c

SHA256
af151a46545e38bf7fbb5a416243ea06d169b63b86979d0b251ed27b288b1ff1

SHA512
2e6dd5b741990a093af81b820393b03d64269a7f09e49ff96d920397dfeef4c4638fdefb1aa909a680b890d4e14cc24763afd1f2e08741f859d6cc8f60af30b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe

Filesize
188KB

MD5
7fbd41368ce56d3a30d7af03f7c88260

SHA1
b1811f5aa9e977571e90a6f4efa1b27ccab37ae0

SHA256
c12d95e90b7f6deac6e74376152343d584da40ade6768fffa81377d5952f00c7

SHA512
94d12d7101f78a68c6ee800ce34356d72b26efb334479dd5beb4c13de3fb145c0bf9b9dbac27e976e183d2263b2a88c9d51295ba470c9f7971ee48ffae492d8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe

Filesize
188KB

MD5
13b5814f0fab5977dea0060a5a1d84bf

SHA1
81a26388ca6b0509f7ad119d3063df92b01ea794

SHA256
554e7f22487c65bc65c220dba0c3d9cc111f3107e553e74435626467c1b97e1f

SHA512
af85edd5114bd8aad789f819fbe716f6d946eaa5442415ceab0cdaa8a29706b12effce553a995d812d584a42a6cee1bb18c77a0d78f03e978eb576f54494e780

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe

Filesize
188KB

MD5
6660498d2eea2cf34c996236d8e8a329

SHA1
e3eb38cd4f729829d9e3dec83512626c65b8877e

SHA256
83c7e5dcc7a6d4f03579291b94ec05f07a7d85201f0f01479e5ac654d600a8a9

SHA512
5a91b47879e8c2e1c5525377ffea899fca2b0b230a8a90c7761d5f0eb7e0be40e8e10cd5a1c1c0dc87aca26ba9d9f59d1a401f56b7d80fe5ef5f17a3ab4c0cb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe

Filesize
188KB

MD5
6156227cac26455969516d4ed617119e

SHA1
6b2ef658f3142eab2ba75de44bfc53ae1fea0952

SHA256
20ee8a7789c1c1b2850a00ae51f277c9a637fc0f20f9efffc28bb448e2f6fc95

SHA512
d2652824868f38f3acfff31e37eb3958dbae9c366fb368e08867abe0db7c26ac12dd5cd5088a3abaf6988c73383af37b9d516ed212482fc0f5a5298981cac3dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe

Filesize
188KB

MD5
4ba03048cd826eb023faf8d1101226ef

SHA1
4f8af6e3fc8783c80fe6764c98cbadae37eda5d1

SHA256
d67f9ad1da130f600553d496561abee06ac0871f8261c279bc9f6544931a7d1e

SHA512
7f68337bf14b39aaa121051ac5a1d88aa0bbad66b1ba7a7b0fcf35a179d6b572a5e473b1d5901ef096db3a1da43ccab8ddf027352c9369e0103680bc2d1a7c8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe

Filesize
188KB

MD5
c38f2e629773b5b1e45bc1f8db27ac2e

SHA1
525cd05a4a09a8488945d437c799d99421db4704

SHA256
7b04e2cf3d9cf0ddaa6cd1b67d60be396b3461a2decbf5346285a76db77732ec

SHA512
5c2ad44160fe9b414210eb7786c4cda04d919635520a6d4474fdeac9f55c7379ef8e2d70bca3f1e543b6c83e2cbf4e1c96b15d43e208e1892048912d8c3c0177

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe

Filesize
188KB

MD5
ac760451164bb712adf52d7ad5c0e538

SHA1
b7f7d3452fc07cca2c5c88ccec9447fbf5223d1c

SHA256
5c63e23eba44f1aedbc5aa7ac8b22e85c1675274d7931d6d9d0ea6dee4f66c78

SHA512
a93d21ce2423796d3f7bcc0ad76cc54023590aa1da64501227a2a6789cadc85556267644c094244854919c5121f5135f5467c0cf6fdea4cc28a40c2752d73bf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe

Filesize
188KB

MD5
1dd76da3acfabb1bbd9da295592d6935

SHA1
95bc5f0fb24fc809c6f012732d292f1aa8ffb39f

SHA256
f5fc59c1c2656c82117da43de27c9ebdff2253cfa563dc71ce036960f6083be0

SHA512
1f10cd3c7d4b19143b999c172e12bfcc203d056f8665c0fd449e27ca592f0149e9eca20ec29e0368b54a7ba5abde03ca8bdee736537d98b0f91a687202649190

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48014.exe

Filesize
188KB

MD5
ec40e4282c4b6d610f5a2973af166330

SHA1
c3a29af5a524524898490e71e608bc9fbe9b4b03

SHA256
69170557a54e47669939a2c4e959d6eba08d14d9890d73db395648ea4b6fdb72

SHA512
5ad7a5b5d2db00b6b0dc530704970316a7ad2ae83cb67803df1c0c02d541fdda92ff4196a07c9fc42d2e97e238adad02a84b31508f89e35942eb735051b61531

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe

Filesize
188KB

MD5
e5314a89c5d8f6f76180b10fda852359

SHA1
7b615aceae67cf0a91f9a449850bf2ab7e063cbc

SHA256
4240592ed48cdd92001cfd639597970ea1262c7d257fdd4fd2fce5d84acb2570

SHA512
2d245b26b2358028771061bfe2c0ae1df6c140493502bc6ad56090fddb739c7199f398381c15391d0bd3ad327a49873e486bd34ec9adcf59e355692e4813881e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52259.exe

Filesize
188KB

MD5
b8b8e20b5a5207dc433841bfda8e427f

SHA1
79a2773562a52855cdf97a55f37efa0fdd192cc2

SHA256
214e514625e46c31a6e2405b93be02dce696c35c7e95a0ebea651a1e5c631d98

SHA512
51007736daada49594740bb0347686a53280f0cf40d64938bb921b977635c0e505a015524ed0708d439df4a61ca96fb32931d150e730919049a2aa95281f6fdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe

Filesize
188KB

MD5
abcba581691d3bc518cb18f67b6e0c39

SHA1
4f66581a9b44f430eb03e9ef3928c950951753e1

SHA256
bd0094c8b2c950fadbd9def0e2b4f61165f2c712a2de803cb5b4add77e9763da

SHA512
7b0395046fc9d7db7b20daa100c1f66bc5435085c191e4f2912f811fb185971ceb052a5877a8224232ffe6a9e2d4b4a91eed0473cab7c186e4cc4a576990c9c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe

Filesize
188KB

MD5
dbc81dd4cf957661f887545a882f9e8d

SHA1
2706e1ab78e69c65f0a1acba6ba75670b7bd8d74

SHA256
35f994f9e50c1d0e9a9f3eba910808943deb6ff2a1f08914b55e7afca012e357

SHA512
929c7a779596e4c5461a233456fdab5018bfc897f5e4a67aedbf0cc1c6a451047c6a0b7b688be2e965fae3ffde54573d3426235fc2380fa1510265d882b8bfb1

Download Submit