3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
Size

184KB
MD5

2db3259e55d7a0c2f841012819cb9077
SHA1

7b03f098b97e5164a357fbb26ab452bdba0892d9
SHA256

3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a
SHA512

da86eb9a1a6b8baa1555505db33e8c1de70176ff89207d629622eec3a9e1e50a16e6bf2a59857865a85fa337745904a1b49c28b0c3d277a7960bd1b057084450
SSDEEP

3072:6oo7oO+sYgAjNajCd+xhY8F/96w67IfL6DDx35iNHNlPvyFmO:6oAohRjNZdyhY8zTweNlPvyFB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2692	Unicorn-25209.exe
1424	Unicorn-59176.exe
2924	Unicorn-47479.exe
2820	Unicorn-11210.exe
2712	Unicorn-19379.exe
3056	Unicorn-60966.exe
2772	Unicorn-24662.exe
2608	Unicorn-12964.exe
2344	Unicorn-40998.exe
2864	Unicorn-53250.exe
3040	Unicorn-33384.exe
3000	Unicorn-32996.exe
2960	Unicorn-55507.exe
1212	Unicorn-26172.exe
1812	Unicorn-46592.exe
2320	Unicorn-50676.exe
1476	Unicorn-22642.exe
1180	Unicorn-38978.exe
1652	Unicorn-5559.exe
2312	Unicorn-48019.exe
1060	Unicorn-32237.exe
2648	Unicorn-23323.exe
1028	Unicorn-27215.exe
1756	Unicorn-40021.exe
1676	Unicorn-59887.exe
1116	Unicorn-22939.exe
1544	Unicorn-3073.exe
1512	Unicorn-35191.exe
2400	Unicorn-35191.exe
568	Unicorn-39829.exe
1504	Unicorn-14578.exe
1764	Unicorn-15133.exe
3052	Unicorn-28798.exe
1600	Unicorn-33436.exe
1532	Unicorn-16354.exe
2576	Unicorn-20438.exe
1300	Unicorn-16908.exe
2376	Unicorn-32498.exe
2764	Unicorn-28968.exe
2900	Unicorn-60017.exe
2984	Unicorn-60894.exe
2636	Unicorn-61916.exe
2692	Unicorn-32581.exe
2680	Unicorn-24967.exe
1140	Unicorn-57085.exe
2460	Unicorn-53556.exe
2668	Unicorn-24221.exe
1272	Unicorn-44641.exe
1248	Unicorn-44641.exe
2676	Unicorn-7692.exe
2696	Unicorn-79.exe
3032	Unicorn-61340.exe
2028	Unicorn-30033.exe
2092	Unicorn-54900.exe
1844	Unicorn-36748.exe
380	Unicorn-53639.exe
596	Unicorn-36556.exe
1496	Unicorn-16690.exe
2040	Unicorn-54428.exe
1660	Unicorn-42730.exe
1148	Unicorn-58320.exe
996	Unicorn-45684.exe
1108	Unicorn-33240.exe
1692	Unicorn-51667.exe

Loads dropped DLL 64 IoCs

pid	Process
1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
2692	Unicorn-25209.exe
2692	Unicorn-25209.exe
1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
2924	Unicorn-47479.exe
2924	Unicorn-47479.exe
1424	Unicorn-59176.exe
1424	Unicorn-59176.exe
2692	Unicorn-25209.exe
2692	Unicorn-25209.exe
2820	Unicorn-11210.exe
2820	Unicorn-11210.exe
2924	Unicorn-47479.exe
2924	Unicorn-47479.exe
2712	Unicorn-19379.exe
2712	Unicorn-19379.exe
3056	Unicorn-60966.exe
3056	Unicorn-60966.exe
1424	Unicorn-59176.exe
1424	Unicorn-59176.exe
2772	Unicorn-24662.exe
2772	Unicorn-24662.exe
2820	Unicorn-11210.exe
2820	Unicorn-11210.exe
2608	Unicorn-12964.exe
2608	Unicorn-12964.exe
2864	Unicorn-53250.exe
2864	Unicorn-53250.exe
2344	Unicorn-40998.exe
3056	Unicorn-60966.exe
2344	Unicorn-40998.exe
3056	Unicorn-60966.exe
2712	Unicorn-19379.exe
2712	Unicorn-19379.exe
3040	Unicorn-33384.exe
3040	Unicorn-33384.exe
3000	Unicorn-32996.exe
3000	Unicorn-32996.exe
2772	Unicorn-24662.exe
2772	Unicorn-24662.exe
2960	Unicorn-55507.exe
2960	Unicorn-55507.exe
1212	Unicorn-26172.exe
1212	Unicorn-26172.exe
2608	Unicorn-12964.exe
1812	Unicorn-46592.exe
2608	Unicorn-12964.exe
1812	Unicorn-46592.exe
1476	Unicorn-22642.exe
1476	Unicorn-22642.exe
2864	Unicorn-53250.exe
2864	Unicorn-53250.exe
2320	Unicorn-50676.exe
1180	Unicorn-38978.exe
2320	Unicorn-50676.exe
1180	Unicorn-38978.exe
2344	Unicorn-40998.exe
2344	Unicorn-40998.exe
1652	Unicorn-5559.exe
1652	Unicorn-5559.exe
3040	Unicorn-33384.exe
3040	Unicorn-33384.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2132	2672	WerFault.exe	190
2612	1932	WerFault.exe	265
1168	2452	WerFault.exe	264
2020	2712	WerFault.exe	263

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28496.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
2692	Unicorn-25209.exe
2924	Unicorn-47479.exe
1424	Unicorn-59176.exe
2820	Unicorn-11210.exe
2712	Unicorn-19379.exe
3056	Unicorn-60966.exe
2772	Unicorn-24662.exe
2608	Unicorn-12964.exe
2864	Unicorn-53250.exe
2344	Unicorn-40998.exe
3040	Unicorn-33384.exe
3000	Unicorn-32996.exe
2960	Unicorn-55507.exe
1812	Unicorn-46592.exe
1212	Unicorn-26172.exe
2320	Unicorn-50676.exe
1180	Unicorn-38978.exe
1652	Unicorn-5559.exe
1476	Unicorn-22642.exe
2312	Unicorn-48019.exe
1060	Unicorn-32237.exe
2648	Unicorn-23323.exe
1028	Unicorn-27215.exe
1676	Unicorn-59887.exe
1756	Unicorn-40021.exe
1116	Unicorn-22939.exe
1544	Unicorn-3073.exe
2400	Unicorn-35191.exe
1512	Unicorn-35191.exe
1504	Unicorn-14578.exe
1764	Unicorn-15133.exe
3052	Unicorn-28798.exe
1600	Unicorn-33436.exe
1532	Unicorn-16354.exe
2576	Unicorn-20438.exe
1300	Unicorn-16908.exe
2376	Unicorn-32498.exe
2764	Unicorn-28968.exe
2900	Unicorn-60017.exe
2984	Unicorn-60894.exe
2636	Unicorn-61916.exe
2692	Unicorn-32581.exe
2680	Unicorn-24967.exe
1140	Unicorn-57085.exe
2460	Unicorn-53556.exe
2668	Unicorn-24221.exe
1248	Unicorn-44641.exe
1272	Unicorn-44641.exe
2676	Unicorn-7692.exe
2696	Unicorn-79.exe
3032	Unicorn-61340.exe
2028	Unicorn-30033.exe
2092	Unicorn-54900.exe
1844	Unicorn-36748.exe
380	Unicorn-53639.exe
596	Unicorn-36556.exe
1496	Unicorn-16690.exe
2040	Unicorn-54428.exe
1660	Unicorn-42730.exe
1148	Unicorn-58320.exe
996	Unicorn-45684.exe
1108	Unicorn-33240.exe
796	Unicorn-50920.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2692	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	30
PID 1744 wrote to memory of 2692	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	30
PID 1744 wrote to memory of 2692	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	30
PID 1744 wrote to memory of 2692	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	30
PID 2692 wrote to memory of 1424	2692	Unicorn-25209.exe	31
PID 2692 wrote to memory of 1424	2692	Unicorn-25209.exe	31
PID 2692 wrote to memory of 1424	2692	Unicorn-25209.exe	31
PID 2692 wrote to memory of 1424	2692	Unicorn-25209.exe	31
PID 1744 wrote to memory of 2924	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	32
PID 1744 wrote to memory of 2924	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	32
PID 1744 wrote to memory of 2924	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	32
PID 1744 wrote to memory of 2924	1744	3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe	32
PID 2924 wrote to memory of 2820	2924	Unicorn-47479.exe	33
PID 2924 wrote to memory of 2820	2924	Unicorn-47479.exe	33
PID 2924 wrote to memory of 2820	2924	Unicorn-47479.exe	33
PID 2924 wrote to memory of 2820	2924	Unicorn-47479.exe	33
PID 1424 wrote to memory of 2712	1424	Unicorn-59176.exe	34
PID 1424 wrote to memory of 2712	1424	Unicorn-59176.exe	34
PID 1424 wrote to memory of 2712	1424	Unicorn-59176.exe	34
PID 1424 wrote to memory of 2712	1424	Unicorn-59176.exe	34
PID 2692 wrote to memory of 3056	2692	Unicorn-25209.exe	35
PID 2692 wrote to memory of 3056	2692	Unicorn-25209.exe	35
PID 2692 wrote to memory of 3056	2692	Unicorn-25209.exe	35
PID 2692 wrote to memory of 3056	2692	Unicorn-25209.exe	35
PID 2820 wrote to memory of 2772	2820	Unicorn-11210.exe	36
PID 2820 wrote to memory of 2772	2820	Unicorn-11210.exe	36
PID 2820 wrote to memory of 2772	2820	Unicorn-11210.exe	36
PID 2820 wrote to memory of 2772	2820	Unicorn-11210.exe	36
PID 2924 wrote to memory of 2608	2924	Unicorn-47479.exe	37
PID 2924 wrote to memory of 2608	2924	Unicorn-47479.exe	37
PID 2924 wrote to memory of 2608	2924	Unicorn-47479.exe	37
PID 2924 wrote to memory of 2608	2924	Unicorn-47479.exe	37
PID 2712 wrote to memory of 2344	2712	Unicorn-19379.exe	38
PID 2712 wrote to memory of 2344	2712	Unicorn-19379.exe	38
PID 2712 wrote to memory of 2344	2712	Unicorn-19379.exe	38
PID 2712 wrote to memory of 2344	2712	Unicorn-19379.exe	38
PID 3056 wrote to memory of 2864	3056	Unicorn-60966.exe	39
PID 3056 wrote to memory of 2864	3056	Unicorn-60966.exe	39
PID 3056 wrote to memory of 2864	3056	Unicorn-60966.exe	39
PID 3056 wrote to memory of 2864	3056	Unicorn-60966.exe	39
PID 1424 wrote to memory of 3040	1424	Unicorn-59176.exe	40
PID 1424 wrote to memory of 3040	1424	Unicorn-59176.exe	40
PID 1424 wrote to memory of 3040	1424	Unicorn-59176.exe	40
PID 1424 wrote to memory of 3040	1424	Unicorn-59176.exe	40
PID 2772 wrote to memory of 3000	2772	Unicorn-24662.exe	41
PID 2772 wrote to memory of 3000	2772	Unicorn-24662.exe	41
PID 2772 wrote to memory of 3000	2772	Unicorn-24662.exe	41
PID 2772 wrote to memory of 3000	2772	Unicorn-24662.exe	41
PID 2820 wrote to memory of 2960	2820	Unicorn-11210.exe	42
PID 2820 wrote to memory of 2960	2820	Unicorn-11210.exe	42
PID 2820 wrote to memory of 2960	2820	Unicorn-11210.exe	42
PID 2820 wrote to memory of 2960	2820	Unicorn-11210.exe	42
PID 2608 wrote to memory of 1212	2608	Unicorn-12964.exe	43
PID 2608 wrote to memory of 1212	2608	Unicorn-12964.exe	43
PID 2608 wrote to memory of 1212	2608	Unicorn-12964.exe	43
PID 2608 wrote to memory of 1212	2608	Unicorn-12964.exe	43
PID 2864 wrote to memory of 1812	2864	Unicorn-53250.exe	44
PID 2864 wrote to memory of 1812	2864	Unicorn-53250.exe	44
PID 2864 wrote to memory of 1812	2864	Unicorn-53250.exe	44
PID 2864 wrote to memory of 1812	2864	Unicorn-53250.exe	44
PID 2344 wrote to memory of 2320	2344	Unicorn-40998.exe	45
PID 2344 wrote to memory of 2320	2344	Unicorn-40998.exe	45
PID 2344 wrote to memory of 2320	2344	Unicorn-40998.exe	45
PID 2344 wrote to memory of 2320	2344	Unicorn-40998.exe	45

C:\Users\Admin\AppData\Local\Temp\3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe
"C:\Users\Admin\AppData\Local\Temp\3a93a8ab17bca6a52befa8ac7d1d8d3019246bb79243fddeedb8d03e615f4f2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        14⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        17⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        16⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21746.exe
        10⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        11⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        12⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        13⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        16⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        18⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        18⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        9⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53993.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        15⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        13⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        14⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        15⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14209.exe
        16⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
        15⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        16⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        6⤵
        Executes dropped EXE
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        9⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        11⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        12⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        13⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
        14⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        16⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        15⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        16⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        12⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        15⤵
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        9⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32265.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45534.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
        13⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-379.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        16⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        17⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        11⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        12⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        14⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        10⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        11⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        12⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        13⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        14⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        16⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17055.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11102.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        11⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 188
        12⤵
        Program crash
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25213.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        12⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48532.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        15⤵
        
        PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        13⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36280.exe
        15⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        16⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15638.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        11⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        13⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        15⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        10⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        13⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        15⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        6⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
        14⤵
        
        PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64937.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        14⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        15⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        16⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        12⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        14⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        10⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 188
        11⤵
        Program crash
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56276.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        13⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        14⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        12⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        13⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        14⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        13⤵
        
        PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        15⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        16⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        18⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22322.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        15⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        16⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41483.exe
        11⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        12⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        13⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        15⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        15⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        16⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        9⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
        10⤵
        Program crash
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50827.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        11⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        13⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        17⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        10⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        15⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        10⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        13⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        14⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        13⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        14⤵
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        10⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        12⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
        15⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52631.exe
        10⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51422.exe
        11⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        12⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        13⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        15⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        13⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        14⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64729.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38895.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        12⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        14⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
        15⤵
        
        PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        13⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        14⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        15⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20426.exe
        11⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        14⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14857.exe
        11⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        15⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        14⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        10⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 188
        11⤵
        Program crash
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65295.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        11⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        13⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        14⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
        15⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        6⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        10⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        13⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        14⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        13⤵
        
        PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        11⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        13⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        14⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3676.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        12⤵
        
        PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe

Filesize
184KB

MD5
8686a8e0b6838beca47902f90554710e

SHA1
b80104e8c5fd258b3e072062d4ecfc72b9fec47e

SHA256
87b0bd20d1492db342cb5db7472e028af02b38253643fc1e33050a6af5ba7b5c

SHA512
eb979c3f9debff8358a985022193cf503193a0b0e92cd0b4316bde296c22e9cfbdcda20f5f6a9399a347fc59616e675bc0b27970495ea42bc2235d62ef8ffb91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe

Filesize
184KB

MD5
e18544036dede80b992dc088530a9215

SHA1
9c066c5556f66004062977a03a6e0a276f0967c8

SHA256
57944ed1cb8bd4d7707471ec6495211f242764cefa87ffa65da7d0b2f512c4b6

SHA512
597f21e0fac4e82dcff60303b473327bc1e103c38b064d240997ca32bd15eeb653bf2ef22609470cc45736d32fe9de6d4ccfc3a691b2c3448046b40d730b4b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe

Filesize
184KB

MD5
d6adc27dc6d1749440a7cf6ea8ff7102

SHA1
e90d4edd5ee9bf7bce65794a148ff6c4514d6ecd

SHA256
91e4159eafbb948e87c1f566a6a92fb94aa2e555eca3bd6b19f7bcc017d34566

SHA512
f46a5f670290364570b239a0d6a959320872f68a2e8fd4dc87b28e95ee970193430e908db187b372af274816ef19c9511647711a307e7b2a9461edef10118655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe

Filesize
184KB

MD5
20606c1d35ddc57a10e3cd09113029cb

SHA1
edad1c302ff814fe4f871e3a496b9617b0b50972

SHA256
81bbace810ff5d9d9b8acfbd971ff726ae3ca0bb6202790c4f3d5adc871be532

SHA512
c7058cee9863d4209fdb006ae757602022bdc5fff010ea70f0339ab6de30842ab2af84df52b83434741963fb70e88ded0251dee4bae177ff9724e067d887c6b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe

Filesize
184KB

MD5
fcad6d61152088c7733acc19e929380a

SHA1
c975955d59198964adb38e4f56e49e2ffa973297

SHA256
53d1f12e8f24ca84301f98b31900e9f773cbc2294208a611cdcf7ad95a06fa17

SHA512
53f31edf08962d6e47db8a48f00766840b8e63b0422a5e1c735fac71beedc62c52875a2182bf910ab788a52685fc6958f1fe2f5fb0291ff9afb21b4cc5321887

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe

Filesize
184KB

MD5
74944c03811629c12b1a215934ce6ce1

SHA1
ac08eea1c5903464c95b0dfeadcec5cfce710682

SHA256
1ce72be2d3a0639c75d7f5f7815b53dd77918c73bdda5d8dc1c274d288b06535

SHA512
75b4313d9070a0898e201f7f5560deb323fdac02748ef8cf8110fca7a32ab1b65f456c094b080e2aa928b3273c69aae706ef9ed9e3ddc8f2a4a346735fa4bc69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe

Filesize
184KB

MD5
f5ef63ef39e8bb4f8c66427314772129

SHA1
71d7c00d5de51effb96968ce36726c4092e2b9ae

SHA256
403ae4f6e24d996f3f96763120acf44db940ec7b1185b0ec774f7f3ac8c859c4

SHA512
b7bf3c87fa2bf561768c3c4b7c98fa9bd0d87fbb37cc0ee1488294c31977b0fcfa0ca3469266fd5926f1b9ad63b4091d59648b70f13c7ea1522afb55e8b1fd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe

Filesize
184KB

MD5
f8381d062dec6a2447ccabe00017060f

SHA1
11c0b0e5a30f056cf556528ffb7ac1912a4ace07

SHA256
f583a7b35921d67e9858fe3de2b53c6d8cde0bafc554c340e59b1c7bf1dad33a

SHA512
c61c96099c7431185110c0631f286e806a6e6f3ee826522bf84b5569008c71549a9e0635843883fa92cb93434883704396c1aa3533e699c42fafbf9eae779bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe

Filesize
184KB

MD5
07ccbdb73a89383f5c0dac7fa3f0bdc9

SHA1
7fd335885924b6c7b5835a4aefc97851298b1428

SHA256
cfde18360961101f1f29bffba591470c2a49a6c5454cbc0cad4fe3d7b0d02ed3

SHA512
3c1d48e087985293e37815acb8478b7babff9f4167bcdeb9f486300e50324742eba48b19319073fb11e1b2580cb3c7546fe37c7ab4cbee923a5f5d75f2fc13fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe

Filesize
184KB

MD5
dddd15de352bd0aa1aff945a0a0b1222

SHA1
b9f13b5ee8867be7f59fdc5e30743c08773a8c6e

SHA256
6c5e1dcb5f93c9edf5255acf28f6ff97e1f1121b5c9e9135177dd6300b1e5d9e

SHA512
887a24cec475d004c39fb40c9365c73a22753ae86a0db01d501e5f4d254405a953fc1c025e0d8214472faf320b6f83c74da7c4ddff74a07658d8b005c4dcaf16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6305.exe

Filesize
184KB

MD5
27e834fe5efd725a0d2934ae1fb1fd1b

SHA1
22cc50810c97c16cd086a45e46c71e19de3ad27f

SHA256
71a8a241769efca32de844dd030f6b8832c84cfcad9227ac2f1d8434f1212898

SHA512
0f29916e6e7f774045a7ca56f83fbf94547a95a6df2af5f962b7316a20cbe026a2394942531263098dc5d4cb808f024dd386c49ff8f0ba46ac32a5d84f4b6f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe

Filesize
184KB

MD5
198d5ba2f9443ef4de537c9a851c2246

SHA1
7d31d5cc23c4b6f6467480cf6198edfc1262af69

SHA256
bdbca95da41e1c98b6d5948e6ce9f63e0e6bc03af55668419c6ad69357f008d5

SHA512
19d6c4bb9c1ca1d69477bc0be4768e26b5eed3356fb0677d150e159e4f4fabd01959ca29e2c2a3144a96cd6d8237fb92f33d3a57b62febddc66a8842d6b3e1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe

Filesize
184KB

MD5
85dba17122768f2151bc97c60c313f67

SHA1
a6010cf5d6b28c40dfa139a6764e1209fb1f1b0d

SHA256
216637696eca7a0d45130f34cf9a6f9c9e7de9e33d80aa9c78c1710cada3bebb

SHA512
6bfa81fd87d5c3cf340a7fee63ca895a140099e01e151ad737b554f830cbac8e00c7cbf4c75af0065b011afbeba3d92f3c7d9cab2d898e951eee7691fc3152ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe

Filesize
184KB

MD5
8607ec484ed8f2e43f6cc605db3a2b99

SHA1
3182b09f47057bc57bc07259e77a88fc73581235

SHA256
ef9df17d1efe0a87fd395d7c694cdc32f653732d4e88cdba69466c19dcac1e0d

SHA512
ad79cb8f6ca600a54d925c8ed7efad65a4e637189233ead58a083ce5892f1d955b44f145cdc0d1e483ea628be7408d0b8418493ed96ca8acbe132ae7b81cafef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe

Filesize
184KB

MD5
04984edaa487af69f6d60eaea69583f6

SHA1
22003b4ac9f2633578516d3133a9cb084d26e3a1

SHA256
c365e4babae750d1ee5a52b909ff13230abc213148fbf17ec20e0a418692191b

SHA512
bf7daf38df9ed12d89cc81928ff7e7a1d6b584e5a579caf2ba1c7682d8c3e1a141bb8fcdc49117180d6d3ca9ba6c07687d82145fb2d689900a460c4176631360

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe

Filesize
184KB

MD5
e56680a0843eb1056f861389b3eded45

SHA1
c98760ed9244ac9e9e0183f2041aef8a1ae091d6

SHA256
9f8b3c9a9a7af14af4138e4e7e1444fe682c54605bbfe6bd26c4f6514e987d8c

SHA512
32ccb1152a8a91988aabd98ff4ee8ebc4798ae1b4b26f3d33acf4c1db2f5e2b9629be618ea8a0c5c17854196f339d7f049e9dc4475a7ea12d6d602294d0d2750

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe

Filesize
184KB

MD5
6dc2547c5c933df0bfb7b76344e17672

SHA1
373d5a11d67584f3f0081fda87c616ca824ea93b

SHA256
acdf54a0c5b5cbcdf4d8ef4b9a1ffda29ed2b857120e44d93c639bc27252c490

SHA512
9c3672539c5a08de4c7d1bd38fb93779862bb8df224056da6c870d3776f89c8b152a3148c9821a822fae01100195b353fa9fa27c4bd1e3717b51178c7d88d3e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe

Filesize
184KB

MD5
c07fd77c159850ff7e2bc33d3941c580

SHA1
6e9433a9543e19f9502cac09ac4571e6ea7e5b24

SHA256
7cb6132c8ea3386ccee994c649d1605d4d739028f11bfc62b6be3abe421bb653

SHA512
ff7533ac3c341e73acaba8ae288c9a60365cb0f1eb6c6ed98eb2126640efcb5df2d5ae39c33eafea0fd6046c695793b2409e75d7938e4fe5f3bc8535d16e8061

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe

Filesize
184KB

MD5
e5a8bb765e9f374865ec42ad9e4fc11a

SHA1
3c123ee9cfab5661e9a2bc0f0f5b2ce2525628ee

SHA256
2080a137e79ae915e14115d3f9c6526af2a30a8e66d0978fd0c2f808b87b211b

SHA512
d1647612d4c8dba2b5fee14f94f7342262db701daf3843c41b43a491f901317e6d569039ee41baa45758ec2570abff4d3dddf94bb19d6fdbfb0c1d27eaf2d0b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe

Filesize
184KB

MD5
a3d683602fbda233b999cfe456a05f48

SHA1
65d39ec7d6171ab0efdf0d700d1485085bd938a2

SHA256
37e8fa3ff6c15e5b05ca4b14986a2807c8215c6c3905c83e4b7c042e3da2edb7

SHA512
26511f4b3f5f22ce74e51bc6687e6aa349fe22ea8a71c874bc28eb8adad26182903d7e3ccfe55b9a005388c37b1e69a8118a4ee0847f80349bf81ed2cb5acc10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32996.exe

Filesize
184KB

MD5
74dbc4e11e39cb7e48d13ae9eaa09de0

SHA1
ebe009e7a6098ed27750da4544df47dc8e58d419

SHA256
5b8936cec0862aeef417af39d26efd9adcf79c9951a88a54339c4ffba84f32b8

SHA512
285902eadf7233b15e975e24f9a0d270001dbaf287217ec942c99fdac54ee8ec384d3b4f5b0c8a600a94bf6303164f180050d54b68823f7e929b77e61b88f145

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe

Filesize
184KB

MD5
1e6220a6e521162ba0e466e454d30548

SHA1
7f1eae2904486e3fd21c64ab3bf06f35d1d4129f

SHA256
3bab1c34b07b07e13722504f717ef9ff9f5243d450a85257c84b1d5a022590ae

SHA512
377346c24bdf00d8570e88a4477339a364b61376ad46cd31e69f05fa569cf4fd119cd832b0ac0752b3e1b225e8afd1b71b847e9455af148b864cc34d285a2127

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe

Filesize
184KB

MD5
f041c4f63289888e7527af3ad4bcdd7a

SHA1
d2644bb0469014f26503ae0d053d630af812bfa7

SHA256
3ff32d38fa887a09442464a102f3cb1b891706955d650178fc69f8c84ffcecee

SHA512
d0cca2c0a79aa6fc0c4318a742e88734e8e54693792e29e281b416e7948d8db2eb459fe0871712609b4caa3590a7f385da9c3f6e093f7c1f43db22e89795be14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe

Filesize
184KB

MD5
5989dc7e4b260d0db7443df4795c1056

SHA1
3c9cd2674c1ed9a0474f369f07332c6b002c9180

SHA256
18ec435a0b65fda75a47c714aee5bdc6292220b6c0bd393291c83f68167a2782

SHA512
d4fbd19c468b6958518c67d941ea57e0d298bcf445e4583ad5d5da950364b2cd7fa03cea2e7ee931b13204a3db4862f332d8c54c163f59d5f57c4629fb889376

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe

Filesize
184KB

MD5
af075002a89cf63d01e2ae3a73a6ee6b

SHA1
334295a3c8a86f44086709f8b87412e1e8897e7a

SHA256
40d1cc45a55d3cc0a747dd5ba39dc6a2d959fde21ad43eaaaecf8ba280d11e8c

SHA512
29b9e2e8dd961eb20ef54e3f3c9efc54db064ba38bb21995960d1a1d74efebe8f5d82e8ecfb25faa57659efb91fed61f930d7fa405b2cd912eeb76fed20a51a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe

Filesize
184KB

MD5
a353389b0538c2c883e3075486c4a846

SHA1
1055dbd2afd7ef17e7d02e246f6130143d0240c5

SHA256
64ea044fcfb6c41dc6570d957461b28355541fcf80081b0fc1019157b5264371

SHA512
0e43e789a620183cd47bc728c8137c8dd389c3e13109afe082fd614b81d1afd9eca9d023e5b46bd56997d76503c290de329421cf055e0ae986326f57a33ae957

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe

Filesize
184KB

MD5
24408e7a6a1a8bbb0dcf52d415e4cc10

SHA1
1e6753b9b20492fc2173c045d45c574cf0fbf14d

SHA256
f6c49c8b07eb0281e30354163e957db746ec710118ad699a403abdf7637a4a0e

SHA512
6d5e431112c22992099323798c03f03790693fa5c43b7f6eedd943f8a3db12b23a13a48376819f751cc59bbc32d6ab1be72c49f70d58d078350b3d625dea3588

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe

Filesize
184KB

MD5
63d2998b1dba3db6379d012612ec5856

SHA1
87894d0be41cf2bf07728b95405c239a822f4f06

SHA256
11694276c6eda630b62cec8f1e80854ef47d3cef6d49d309837e7300024ba520

SHA512
387f4afe7b8aa97eec87c978e730782ab4ceb2869c89731b18e9e756b86d46398f3c1137d201e692d99553849cb0816a8fe1567d10dc20edc705e96ec12e29eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe

Filesize
184KB

MD5
a6f41a55144803bbbf15ef8024548872

SHA1
af98f8d8a8f1bdb0e333ddf1b0524d96e69a5981

SHA256
4b185f723c8ad66f003c88a862dc1c3533c2a5813aa79a4378a1997b93070b80

SHA512
20b00ea568bacb8ca6f22e39eec22e5a8c8adde0bf4530ec546e84f9f354edef57a7e4f3602309e8d4c3ebc0319954b8a76965abc34388c8da93461ec420956b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe

Filesize
184KB

MD5
f26255ab9586a04e556096eff6eb9dfb

SHA1
3d8b988330f5ec480313fd0caea2a61617335163

SHA256
12c74f67122b1deb299a6fc0c1e189071cf5a74aee155a9e77b9c60028694beb

SHA512
4810b97a5af53ace5b371a4ede64ec6f46c16cc9c18a9c3f0b56e79ed3624a304bbc627f35db926965f3a324a27d5d8b919335e1b042cfcbbfe1c5d83e27e6a5

Download Submit
memory/1364-2551-0x0000000077570000-0x000000007768F000-memory.dmp

Filesize
1.1MB

Download
memory/1364-2552-0x0000000077690000-0x000000007778A000-memory.dmp

Filesize
1000KB

Download