a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
Size

188KB
MD5

406fdd25732ffa3f78f3dc6c2aa3bbde
SHA1

46f304ac3e2a290ba04a09183a8c0ed1e260a256
SHA256

a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b
SHA512

249ee62238080d7033c1be2ba363e34a7050f151f4f6120c4bf71dd02755136e9233a7108a5f413ebca563ad8d98f69d21eec53fa4402b1a6e1a79ea12f5c050
SSDEEP

3072:o90ExnJe3FlLHzuawAB18iJs9jmJdGGRyYq5lBLzblY32Fkv:o9DxAlLiaxB18kBcvblY32FC

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2724	Unicorn-10932.exe
2720	Unicorn-49438.exe
2736	Unicorn-13236.exe
2800	Unicorn-54708.exe
1628	Unicorn-18506.exe
2848	Unicorn-38372.exe
1276	Unicorn-35845.exe
2872	Unicorn-24339.exe
2400	Unicorn-11532.exe
2760	Unicorn-60733.exe
2892	Unicorn-16363.exe
2092	Unicorn-38507.exe
560	Unicorn-2305.exe
2200	Unicorn-14194.exe
2384	Unicorn-21486.exe
2120	Unicorn-26316.exe
2224	Unicorn-47251.exe
2192	Unicorn-56597.exe
540	Unicorn-10925.exe
1552	Unicorn-36172.exe
1724	Unicorn-3499.exe
1720	Unicorn-49171.exe
1564	Unicorn-28196.exe
2052	Unicorn-34754.exe
1460	Unicorn-62980.exe
1688	Unicorn-2274.exe
2348	Unicorn-30308.exe
948	Unicorn-30308.exe
1044	Unicorn-26970.exe
1052	Unicorn-46836.exe
1596	Unicorn-30500.exe
2824	Unicorn-9290.exe
2740	Unicorn-25669.exe
2652	Unicorn-35565.exe
3040	Unicorn-41464.exe
2908	Unicorn-27589.exe
2032	Unicorn-16083.exe
2724	Unicorn-27781.exe
2968	Unicorn-34989.exe
2388	Unicorn-34989.exe
2888	Unicorn-34989.exe
2560	Unicorn-43157.exe
2868	Unicorn-43157.exe
2900	Unicorn-51517.exe
2220	Unicorn-48180.exe
2924	Unicorn-48372.exe
2736	Unicorn-50100.exe
1012	Unicorn-53629.exe
2132	Unicorn-19888.exe
608	Unicorn-58268.exe
1988	Unicorn-41246.exe
2060	Unicorn-55274.exe
2036	Unicorn-42659.exe
2576	Unicorn-39321.exe
1556	Unicorn-24102.exe
1772	Unicorn-4236.exe
1884	Unicorn-33339.exe
304	Unicorn-33339.exe
2944	Unicorn-45461.exe
572	Unicorn-16510.exe
896	Unicorn-2093.exe
1576	Unicorn-15284.exe
1572	Unicorn-10645.exe
2820	Unicorn-18814.exe

Loads dropped DLL 64 IoCs

pid	Process
2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
2724	Unicorn-10932.exe
2724	Unicorn-10932.exe
2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
2720	Unicorn-49438.exe
2720	Unicorn-49438.exe
2724	Unicorn-10932.exe
2736	Unicorn-13236.exe
2724	Unicorn-10932.exe
2736	Unicorn-13236.exe
2800	Unicorn-54708.exe
2800	Unicorn-54708.exe
2720	Unicorn-49438.exe
2720	Unicorn-49438.exe
2848	Unicorn-38372.exe
2848	Unicorn-38372.exe
1628	Unicorn-18506.exe
1628	Unicorn-18506.exe
2736	Unicorn-13236.exe
2736	Unicorn-13236.exe
1276	Unicorn-35845.exe
1276	Unicorn-35845.exe
2800	Unicorn-54708.exe
2800	Unicorn-54708.exe
2872	Unicorn-24339.exe
2872	Unicorn-24339.exe
2760	Unicorn-60733.exe
2760	Unicorn-60733.exe
1628	Unicorn-18506.exe
1628	Unicorn-18506.exe
2400	Unicorn-11532.exe
2400	Unicorn-11532.exe
2848	Unicorn-38372.exe
2892	Unicorn-16363.exe
2848	Unicorn-38372.exe
2892	Unicorn-16363.exe
2092	Unicorn-38507.exe
2092	Unicorn-38507.exe
1276	Unicorn-35845.exe
560	Unicorn-2305.exe
1276	Unicorn-35845.exe
560	Unicorn-2305.exe
2200	Unicorn-14194.exe
2200	Unicorn-14194.exe
2872	Unicorn-24339.exe
2872	Unicorn-24339.exe
540	Unicorn-10925.exe
540	Unicorn-10925.exe
2892	Unicorn-16363.exe
2892	Unicorn-16363.exe
2224	Unicorn-47251.exe
2120	Unicorn-26316.exe
2224	Unicorn-47251.exe
2120	Unicorn-26316.exe
2400	Unicorn-11532.exe
2192	Unicorn-56597.exe
2400	Unicorn-11532.exe
2192	Unicorn-56597.exe
2384	Unicorn-21486.exe
2384	Unicorn-21486.exe
2760	Unicorn-60733.exe
2760	Unicorn-60733.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1616	2880	WerFault.exe	139
2648	1708	WerFault.exe	138
2136	2252	WerFault.exe	208
2088	2744	WerFault.exe	322

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35894.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
2724	Unicorn-10932.exe
2720	Unicorn-49438.exe
2736	Unicorn-13236.exe
2800	Unicorn-54708.exe
2848	Unicorn-38372.exe
1628	Unicorn-18506.exe
1276	Unicorn-35845.exe
2872	Unicorn-24339.exe
2760	Unicorn-60733.exe
2400	Unicorn-11532.exe
2892	Unicorn-16363.exe
2092	Unicorn-38507.exe
560	Unicorn-2305.exe
2200	Unicorn-14194.exe
2384	Unicorn-21486.exe
2224	Unicorn-47251.exe
2192	Unicorn-56597.exe
2120	Unicorn-26316.exe
540	Unicorn-10925.exe
1552	Unicorn-36172.exe
1724	Unicorn-3499.exe
1720	Unicorn-49171.exe
1564	Unicorn-28196.exe
2052	Unicorn-34754.exe
1460	Unicorn-62980.exe
2348	Unicorn-30308.exe
1688	Unicorn-2274.exe
948	Unicorn-30308.exe
1052	Unicorn-46836.exe
1044	Unicorn-26970.exe
1596	Unicorn-30500.exe
2824	Unicorn-9290.exe
2740	Unicorn-25669.exe
2652	Unicorn-35565.exe
3040	Unicorn-41464.exe
2908	Unicorn-27589.exe
2032	Unicorn-16083.exe
2724	Unicorn-27781.exe
2868	Unicorn-43157.exe
2888	Unicorn-34989.exe
2560	Unicorn-43157.exe
2968	Unicorn-34989.exe
2900	Unicorn-51517.exe
2388	Unicorn-34989.exe
2220	Unicorn-48180.exe
2924	Unicorn-48372.exe
2736	Unicorn-50100.exe
1012	Unicorn-53629.exe
608	Unicorn-58268.exe
2132	Unicorn-19888.exe
1988	Unicorn-41246.exe
2060	Unicorn-55274.exe
2036	Unicorn-42659.exe
2576	Unicorn-39321.exe
1556	Unicorn-24102.exe
304	Unicorn-33339.exe
1772	Unicorn-4236.exe
1884	Unicorn-33339.exe
2944	Unicorn-45461.exe
572	Unicorn-16510.exe
896	Unicorn-2093.exe
1576	Unicorn-15284.exe
1572	Unicorn-10645.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2724	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	30
PID 2176 wrote to memory of 2724	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	30
PID 2176 wrote to memory of 2724	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	30
PID 2176 wrote to memory of 2724	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	30
PID 2724 wrote to memory of 2720	2724	Unicorn-10932.exe	31
PID 2724 wrote to memory of 2720	2724	Unicorn-10932.exe	31
PID 2724 wrote to memory of 2720	2724	Unicorn-10932.exe	31
PID 2724 wrote to memory of 2720	2724	Unicorn-10932.exe	31
PID 2176 wrote to memory of 2736	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	32
PID 2176 wrote to memory of 2736	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	32
PID 2176 wrote to memory of 2736	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	32
PID 2176 wrote to memory of 2736	2176	a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe	32
PID 2720 wrote to memory of 2800	2720	Unicorn-49438.exe	33
PID 2720 wrote to memory of 2800	2720	Unicorn-49438.exe	33
PID 2720 wrote to memory of 2800	2720	Unicorn-49438.exe	33
PID 2720 wrote to memory of 2800	2720	Unicorn-49438.exe	33
PID 2724 wrote to memory of 1628	2724	Unicorn-10932.exe	34
PID 2724 wrote to memory of 1628	2724	Unicorn-10932.exe	34
PID 2724 wrote to memory of 1628	2724	Unicorn-10932.exe	34
PID 2724 wrote to memory of 1628	2724	Unicorn-10932.exe	34
PID 2736 wrote to memory of 2848	2736	Unicorn-13236.exe	35
PID 2736 wrote to memory of 2848	2736	Unicorn-13236.exe	35
PID 2736 wrote to memory of 2848	2736	Unicorn-13236.exe	35
PID 2736 wrote to memory of 2848	2736	Unicorn-13236.exe	35
PID 2800 wrote to memory of 1276	2800	Unicorn-54708.exe	36
PID 2800 wrote to memory of 1276	2800	Unicorn-54708.exe	36
PID 2800 wrote to memory of 1276	2800	Unicorn-54708.exe	36
PID 2800 wrote to memory of 1276	2800	Unicorn-54708.exe	36
PID 2720 wrote to memory of 2872	2720	Unicorn-49438.exe	37
PID 2720 wrote to memory of 2872	2720	Unicorn-49438.exe	37
PID 2720 wrote to memory of 2872	2720	Unicorn-49438.exe	37
PID 2720 wrote to memory of 2872	2720	Unicorn-49438.exe	37
PID 2848 wrote to memory of 2400	2848	Unicorn-38372.exe	38
PID 2848 wrote to memory of 2400	2848	Unicorn-38372.exe	38
PID 2848 wrote to memory of 2400	2848	Unicorn-38372.exe	38
PID 2848 wrote to memory of 2400	2848	Unicorn-38372.exe	38
PID 1628 wrote to memory of 2760	1628	Unicorn-18506.exe	39
PID 1628 wrote to memory of 2760	1628	Unicorn-18506.exe	39
PID 1628 wrote to memory of 2760	1628	Unicorn-18506.exe	39
PID 1628 wrote to memory of 2760	1628	Unicorn-18506.exe	39
PID 2736 wrote to memory of 2892	2736	Unicorn-13236.exe	40
PID 2736 wrote to memory of 2892	2736	Unicorn-13236.exe	40
PID 2736 wrote to memory of 2892	2736	Unicorn-13236.exe	40
PID 2736 wrote to memory of 2892	2736	Unicorn-13236.exe	40
PID 1276 wrote to memory of 2092	1276	Unicorn-35845.exe	41
PID 1276 wrote to memory of 2092	1276	Unicorn-35845.exe	41
PID 1276 wrote to memory of 2092	1276	Unicorn-35845.exe	41
PID 1276 wrote to memory of 2092	1276	Unicorn-35845.exe	41
PID 2800 wrote to memory of 560	2800	Unicorn-54708.exe	42
PID 2800 wrote to memory of 560	2800	Unicorn-54708.exe	42
PID 2800 wrote to memory of 560	2800	Unicorn-54708.exe	42
PID 2800 wrote to memory of 560	2800	Unicorn-54708.exe	42
PID 2872 wrote to memory of 2200	2872	Unicorn-24339.exe	43
PID 2872 wrote to memory of 2200	2872	Unicorn-24339.exe	43
PID 2872 wrote to memory of 2200	2872	Unicorn-24339.exe	43
PID 2872 wrote to memory of 2200	2872	Unicorn-24339.exe	43
PID 2760 wrote to memory of 2384	2760	Unicorn-60733.exe	44
PID 2760 wrote to memory of 2384	2760	Unicorn-60733.exe	44
PID 2760 wrote to memory of 2384	2760	Unicorn-60733.exe	44
PID 2760 wrote to memory of 2384	2760	Unicorn-60733.exe	44
PID 1628 wrote to memory of 2120	1628	Unicorn-18506.exe	45
PID 1628 wrote to memory of 2120	1628	Unicorn-18506.exe	45
PID 1628 wrote to memory of 2120	1628	Unicorn-18506.exe	45
PID 1628 wrote to memory of 2120	1628	Unicorn-18506.exe	45

C:\Users\Admin\AppData\Local\Temp\a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe
"C:\Users\Admin\AppData\Local\Temp\a81797414c7f783555ae0e8d273bd7ed2da7402e94fe5a7c5791d207ebd8b97b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        10⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        15⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        16⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        17⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        18⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        13⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        15⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        16⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        18⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        9⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        10⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26062.exe
        11⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        12⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11900.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        15⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        17⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        18⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        17⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        9⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51147.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
        14⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        15⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        16⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        17⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        18⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
        11⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        15⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        16⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        17⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        16⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16510.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        11⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        14⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        15⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
        16⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13116.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        11⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13249.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        12⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        15⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        16⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        10⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 148
        11⤵
        Program crash
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
        11⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        14⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        15⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34842.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        11⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19175.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        16⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        12⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        14⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        15⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        16⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        13⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        14⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        16⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        10⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8338.exe
        12⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
        14⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        15⤵
        
        PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        14⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18283.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        14⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        15⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        11⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        16⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        10⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36362.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        14⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        11⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        12⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        14⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        15⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        16⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        13⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        9⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        13⤵
        Program crash
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20069.exe
        10⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16315.exe
        11⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        13⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        14⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        13⤵
        
        PID:720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25007.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        11⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        14⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        17⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
        13⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
        14⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        15⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        16⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        13⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        16⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        11⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        14⤵
        
        PID:2960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24464.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        14⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        15⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        16⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4598.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5281.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        13⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13951.exe
        8⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        12⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55244.exe
        15⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        16⤵
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        7⤵
        Executes dropped EXE
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        11⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35894.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        14⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
        15⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        16⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        13⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        14⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        16⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        8⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
        10⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        12⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        8⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 244
        9⤵
        Program crash
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        12⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        13⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4585.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        12⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19123.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        15⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44289.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49788.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
        12⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        13⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37237.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        13⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
        13⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3797.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        11⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        13⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44214.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        11⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        12⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        14⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        7⤵
        Program crash
        
        PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe

Filesize
188KB

MD5
633a4709bb506eb0f493454f0ee50c62

SHA1
582c0ec9c1bec37273cf231c8b84767e2b0991cc

SHA256
8803e40ed0d9b71b39c6df4bd2b8dd5be4b3f94e4183eee005c23cc3c8d0aa54

SHA512
b4690fd39059ac13d622571f5219625bb064933c45a4e939b825474a60f8bb52d038048c1507004ae1a1e0bff748778e94e41653b6a56de604ae4033af6d427a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe

Filesize
188KB

MD5
b527c77f126e710eb0b21f65955d5a26

SHA1
e840006408aca3eb3d66afea3a61e2ff7a8d6429

SHA256
1d2e968ce13a92d9ef0e534a82e9910f139d8940791fbcf9c860d1ff5b7fc331

SHA512
9ab966c0893188113064f0dfc6a5547b3a8c14b6221b8c04e58817a878ee6a0494b7d5fbcd80db87d0831d2e2120a39a0a2bcc0d3ddaacd196eb66c7400c6f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe

Filesize
188KB

MD5
fd67c68e0d3d3783927b878cea2de267

SHA1
c859c2d29cc2ac8d5b67639e6f595e42606c335c

SHA256
161d15544de48cd53ddc37750b61622158b16da0e9bf961a8e66f930926b04a5

SHA512
d78f0acb8e6a8a7bf56cb0a57e3b23452bc20c276819fa0e69e5add49cdfd5e62248ee29a47482b920f45e5e766a8d11b1c132df9e50f7c18b4f5a9f5c6c3854

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe

Filesize
188KB

MD5
6f8884bad6bd6fd2299285489297fdca

SHA1
0307cd8365b4d60698df1c50f1dd20b40030871e

SHA256
4efa968b6752be05adfe1cfd646760c727b075979102cb6929e3b55d1f5ae731

SHA512
f3b70d6caa74532168ad79b9ad64564f16daae1a168b4f1d30c17bda8e5db999c73690f82dd6ab76b5db54067a578edada750ee823f51fc4d9ae884b2973e779

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe

Filesize
188KB

MD5
bc0c80ab789fb3723aceca9610446e69

SHA1
dabca8d87fc9276b25577a6de9642d748877bc56

SHA256
53cbe1f47af916ef74b80b0cce4e082168d568c924d4d4f49d9ea73c8fb18048

SHA512
4be1ca1d29b68e36d56a400a2bf6ee27af1a4b44453a01100fcee71e70433ddf51bb457be7f91cff167c495130f063b790c6c9054559ffef2174d229689bfde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe

Filesize
188KB

MD5
a69e72a9ad3b7611a7e9f7d71c3b8d76

SHA1
403b27c0e9a2ec482a0612aa04dd822705b6a347

SHA256
bcc79011f1785993a2c8edd4af72dda73530828606502c036154de4a6ed3e128

SHA512
4f7daf8ab027c659f77ac8acca7313b0f5850ec9bb955558a756e28aea0e9a61b039865de443fb5c3dc11856b2bbeec21dc280de8396899044cb56f3cdda36c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe

Filesize
188KB

MD5
ab3dc5a359b872826c3334e1191c589a

SHA1
e5a92ce6c607e15b09e443bb601561d29dac989f

SHA256
7d0a3320a84a5955c9ec398d28b96c793811b795c3aaf46df979ee4a87c04c11

SHA512
edfeeecfe7aeb81d3d475567c61955e5d78661f32e5e9d1f25937b298d12f3c523160864bcc3efb69eb5ae7a7407b177a80a40874ce892e26d0a5527cf3118cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe

Filesize
188KB

MD5
598bbbafc9a827f7778856d80666f029

SHA1
10fe1c42bd4680502250a340df723e5e7a99f5c7

SHA256
607f51f5aad14bd8219fd49b9fd3b5b4d972328f994c4da16062449e6a944ad3

SHA512
7773d8682270a5ad8601371742f9df8f91426add3abaa13e11182fe696493c2d4415e40a82d1f272a7a2f226fa7759bb90cf05ec3ee0907de7d65091ab1ac596

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe

Filesize
188KB

MD5
a7c24157e365bb3877a14e33c05fe607

SHA1
70420410dfe2cabdcaf11c5395ff63ab157f1568

SHA256
e43ddbaa555c6904fe759e101f98217e8793793440ed75d1aa5ffb49fc423203

SHA512
232d802ad13407e513ddc8b562e60c7c7c7397cf669bd3bce9a7cfaf2569471495528397cf9d6d277bfdf0ea6696f78bb9491c927e57af31b46b935a20715c2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe

Filesize
188KB

MD5
0365b3384133c1c9b15d2f70399bf6b6

SHA1
e9a624086af52a6bc36804318f747c834ea35a2e

SHA256
262716c00ad5ceb0386702439a68e931af5f4494d04e1e25639fe0036ab05e5e

SHA512
a793a1380e524738043dfd0e214bf59e71a8f3bec8880b8469a3711267d8b7caf740fc76dbf71660d3b4b59c526225f879842d1ad53d58ff374dedf4bfefdd11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe

Filesize
188KB

MD5
8a184e563fcaf744cac1f4e0405e79bf

SHA1
043d03d55d4f16db10315222f26c3ad3d1cd50b7

SHA256
18aa88d346027c86ec8f97a40f90ac4077991bc89cac6332704e5d1f27fd7ad1

SHA512
6a10bfc86755f4ab2b33c4d9b239cb44ce9dd719f536709379fe30a64e5e0f3fd0709933762cd1cf3b25a73cbdb5fb747f191d7ce56ca24ae2fa987f4e941d1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe

Filesize
188KB

MD5
d743406beaf03b4caa25a0c7c400b8ca

SHA1
cfbbb3203014b528ff5c47049bc5ceee9fbfecbd

SHA256
26afe7dd69417a6b45e3970e13f1e3f375d6f81b4355e16124d627cfccef3d6b

SHA512
8f9a3755fb741d0ec2a8210d6b9b9698525b5cdfac0392733099972e0a9d156bbd36c0ec1bc626b6f64c896798b18fa047a5bb8855e5d5dff681e504b174d4a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe

Filesize
188KB

MD5
7ac930de58bf7c9f1a7de612dd74e1fb

SHA1
659904975d0d6d3c7610da400681fcd125ab6a31

SHA256
6b8846a6637886898aced68616d3fe3f9c169d8736ca5e179645de08db44d9b7

SHA512
1c525cbb3ab26b5cea972c0e6de770742daab55c2047fb83cc7248e38efd27856dab604dfd917eedcb809f9fd3faeaa183a8649d21815fc7b1927536dc26fb3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21486.exe

Filesize
188KB

MD5
3a5be9f7fdc3e7f34ddb9606ba2ec994

SHA1
a48a5b0d23c84d2b0705e3df7b1b44cd305be1cd

SHA256
cc45cb8d89ebb25868022ef782b73dddd7d9dea1862273db35d81ddd0b0f228a

SHA512
9e3128d107f2cd927b2934060445babe846c841b79da3a7ff90ccbd5ed7e3620b3e7d8a65ca087b8ac837770569ad4f55fc8886cc599abdcc4a3dc83247f16ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe

Filesize
188KB

MD5
d4e6cf8e4c02a5172dabff9d4a4cb225

SHA1
21a82732c3b0fd814eecbdd8112990fb85db7066

SHA256
13080d178197bebaef740719c083dd3c061582861a5b0f169c459e5767bf5f9d

SHA512
e594f0b295bd38755d74efb3858c3d892ec0eccc81fa929a8174d6fa439c59cdb24597cef303c6e843837ff3957c01e7ab8a90a9d87341bef6a945192d678a0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe

Filesize
188KB

MD5
d49dd7ca5754cdd719abacf3c9532368

SHA1
343a4383cde0110210dcb9cc9856aab058487aca

SHA256
0837945e2fe0e11457cec352b31063885e2403568757c87e8eb57833ac9c579b

SHA512
cbf06767acad2a87bd029057859227eef2827317f6cf6482f769abed078476cabce23fa4b466d8b2b9bccf0c6637c565c3f01d27ca355e57a20de4905768837d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe

Filesize
188KB

MD5
f24fd708d1e546d32d204dfeec0d8edd

SHA1
42c2e2a7f65d900d45aae3dd1b4894017d686062

SHA256
e209f41bdf87b8924d7e122f801271296ea84427638a622e05fd1d2da90d72e8

SHA512
6445b0309228a3b3dd1f0970edd96a39f567ae6910ae62c2fb458a1cf182b001eac24ab71120d88a9cac6a44bf4b63117f6ac3cd23497f6bca5b257b77ba1daa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe

Filesize
188KB

MD5
233a7653942e8facaca88f602cfff818

SHA1
b052683856f1676dae46b3be01abdaeb65e4d3f6

SHA256
97d047e63aa65c8bf15435dd274d13c8cc4c6dc1cc1e613dc24fa4c2ad0a31dd

SHA512
0f93864e2fae1ce9f29c1a115f10013ea7689dec8e1ccb96591cd8468cbb97430fe44c24b9deea02930b2d173973e0755b1607d6cd55b2ea2631825675989d99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe

Filesize
188KB

MD5
7795a67c29a558ee1263e3bd8f58879e

SHA1
3745fb9e50ee6b1558c8678aa2f0220f8f61cc85

SHA256
5faccd0e3f686b6cb1ea3772e8cc6479dc819666a6f5d943533cfc94f0d8183b

SHA512
bc06d540a67ae5c184c1c733d2d82c7e992d48427ac79c404ea001740023bb88a225031998b06cb141ad16daa7fe9d3e86919a876254f1b498650815cbdde9f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe

Filesize
188KB

MD5
b7269f961e927fb437c923e23f878fe6

SHA1
4503a7b983103d91db530c8e47109ad6c4d56fa5

SHA256
35371ccd5cbd0491fd4bfea090d1a734789225f81d9cdef598da05bea8389e45

SHA512
6a75283e16b49680ea77b4eb4035d43fbd535a9ab90a68229f4a5f689cc45147665f5698f21030f67bb17e423f9db641d94f81c82d975943ec410eb5632b5548

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe

Filesize
188KB

MD5
bab49b9b6ad5883a12f4a83cfd7297ea

SHA1
86eba89007bcb5b14ad64567cee680ed952ae248

SHA256
fd8ca1d4ffe67e867af3ceef992aa3fa2fb9340bee7a364ab97e296efa5c9b0a

SHA512
ebb3d31ffa22be890bd98dbcb530e66853ce7378bcdd81233549fcb5f9eb75ba89b181166ba2b02b38cc8c80455cd5c25c8d5beee07e85c58bd6f7e34223a673

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe

Filesize
188KB

MD5
eeb6d447d9cf2353649282b700e11918

SHA1
cf5234fdf65ef4e17b56a7fb8fa52e106f51b7e1

SHA256
e50b9c97c15cc24b39faf558238e503fd2697125a208ad48d14fba351dc90de6

SHA512
10868f4ef278c19acba857b0a036201806cac2abeee5fe2c367a7ac7fa001b111a92559507c600eb2353692ef09cb4db3b95ece75b93187651d906e150ba507a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe

Filesize
188KB

MD5
8f6e173f460952c25c05af6cb3fe7c77

SHA1
d2db3cb1c522219de4e804c50ef27057be733616

SHA256
4da456335166edc0acf8eedf710c880021b2d5843fc47cd3f86d95e54c95c268

SHA512
9a8b1e9771f636ec056870e362a99f534eae6c2430582d632a40626821fa78697d18c7ec5e4841b53f4ebff6a81994bc616d227fc088e3ab49c6fcb8711574a4

Download Submit
memory/2444-2434-0x0000000002830000-0x000000000298C000-memory.dmp

Filesize
1.4MB

Download