6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 22:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
Size

192KB
MD5

8a80826152fb10a1fec3e49c0ad6c9b0
SHA1

02966d462c4f07c4bf6ba2cd9605d42911c17f23
SHA256

6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232
SHA512

18f970754d82b3a6768448379b4ce3691c9974256387edd632e03d853f8fb9fbb91a2aace4484f408f6b49958bf47e6a4c64b439ace0eaaecce04d01ba0719b0
SSDEEP

3072:kpXpoLqCk5iVDYXMdfXO68zz9zJ6+ulDCjXxHbEUzNwivxFB:kp5ow8VDpdPO68m1I1NwivxF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2448	Unicorn-15288.exe
2436	Unicorn-38807.exe
2240	Unicorn-57836.exe
2908	Unicorn-63550.exe
2628	Unicorn-8874.exe
2988	Unicorn-2097.exe
1952	Unicorn-25808.exe
2376	Unicorn-37545.exe
1116	Unicorn-45159.exe
2024	Unicorn-46783.exe
1988	Unicorn-23753.exe
1232	Unicorn-38697.exe
2968	Unicorn-11500.exe
2072	Unicorn-10685.exe
2340	Unicorn-34635.exe
2460	Unicorn-26467.exe
1272	Unicorn-64868.exe
1772	Unicorn-6108.exe
2124	Unicorn-30058.exe
1396	Unicorn-63498.exe
932	Unicorn-61915.exe
1616	Unicorn-16244.exe
2324	Unicorn-27104.exe
3056	Unicorn-46970.exe
2492	Unicorn-45579.exe
2872	Unicorn-65444.exe
1592	Unicorn-61936.exe
2224	Unicorn-34478.exe
1096	Unicorn-15449.exe
884	Unicorn-7281.exe
2780	Unicorn-5890.exe
2816	Unicorn-20088.exe
2580	Unicorn-39954.exe
764	Unicorn-59305.exe
2208	Unicorn-61998.exe
2744	Unicorn-37816.exe
2884	Unicorn-12242.exe
2012	Unicorn-57167.exe
2244	Unicorn-6575.exe
2392	Unicorn-48999.exe
2864	Unicorn-13373.exe
2980	Unicorn-50307.exe
2180	Unicorn-3244.exe
2140	Unicorn-48916.exe
2148	Unicorn-5745.exe
2344	Unicorn-13358.exe
572	Unicorn-27557.exe
2628	Unicorn-64505.exe
1176	Unicorn-59606.exe
3036	Unicorn-32409.exe
2568	Unicorn-61552.exe
1604	Unicorn-15881.exe
2336	Unicorn-22657.exe
2508	Unicorn-42523.exe
1572	Unicorn-65081.exe
1088	Unicorn-1490.exe
844	Unicorn-19773.exe
1960	Unicorn-49108.exe
1936	Unicorn-26571.exe
2536	Unicorn-15387.exe
2428	Unicorn-61059.exe
2708	Unicorn-17334.exe
2776	Unicorn-63005.exe
1600	Unicorn-32278.exe

Loads dropped DLL 64 IoCs

pid	Process
2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
2448	Unicorn-15288.exe
2448	Unicorn-15288.exe
2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
2436	Unicorn-38807.exe
2436	Unicorn-38807.exe
2448	Unicorn-15288.exe
2448	Unicorn-15288.exe
2240	Unicorn-57836.exe
2240	Unicorn-57836.exe
2628	Unicorn-8874.exe
2628	Unicorn-8874.exe
2204	WerFault.exe
2436	Unicorn-38807.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2436	Unicorn-38807.exe
2988	Unicorn-2097.exe
2988	Unicorn-2097.exe
2240	Unicorn-57836.exe
2240	Unicorn-57836.exe
2204	WerFault.exe
1952	Unicorn-25808.exe
1952	Unicorn-25808.exe
2628	Unicorn-8874.exe
2628	Unicorn-8874.exe
1116	Unicorn-45159.exe
1116	Unicorn-45159.exe
2988	Unicorn-2097.exe
2988	Unicorn-2097.exe
2376	Unicorn-37545.exe
2376	Unicorn-37545.exe
2024	Unicorn-46783.exe
2024	Unicorn-46783.exe
1988	Unicorn-23753.exe
1988	Unicorn-23753.exe
1952	Unicorn-25808.exe
1952	Unicorn-25808.exe
1232	Unicorn-38697.exe
1232	Unicorn-38697.exe
2968	Unicorn-11500.exe
2968	Unicorn-11500.exe
1116	Unicorn-45159.exe
1116	Unicorn-45159.exe
2460	Unicorn-26467.exe
2460	Unicorn-26467.exe
2024	Unicorn-46783.exe
2340	Unicorn-34635.exe
2024	Unicorn-46783.exe
2340	Unicorn-34635.exe
2376	Unicorn-37545.exe
2376	Unicorn-37545.exe
2072	Unicorn-10685.exe
2072	Unicorn-10685.exe
1272	Unicorn-64868.exe
1272	Unicorn-64868.exe
1988	Unicorn-23753.exe
1988	Unicorn-23753.exe
1772	Unicorn-6108.exe
1772	Unicorn-6108.exe
2124	Unicorn-30058.exe

Program crash 19 IoCs

pid	pid_target	Process	procid_target
2204	2908	WerFault.exe	34
2948	1396	WerFault.exe	51
2256	1892	WerFault.exe	111
1784	1656	WerFault.exe	103
3036	2720	WerFault.exe	165
572	2020	WerFault.exe	211
1716	2944	WerFault.exe	263
340	2940	WerFault.exe	264
1500	2476	WerFault.exe	252
2788	2132	WerFault.exe	333
2608	1756	WerFault.exe	296
2912	952	WerFault.exe	340
2316	2184	WerFault.exe	351
932	1352	WerFault.exe	377
2988	288	WerFault.exe	398
1980	468	WerFault.exe	425
2828	2012	WerFault.exe	443
2556	2036	WerFault.exe	516
280	848	WerFault.exe	481

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6750.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
2448	Unicorn-15288.exe
2436	Unicorn-38807.exe
2240	Unicorn-57836.exe
2628	Unicorn-8874.exe
2988	Unicorn-2097.exe
2908	Unicorn-63550.exe
1952	Unicorn-25808.exe
1116	Unicorn-45159.exe
2376	Unicorn-37545.exe
2024	Unicorn-46783.exe
1988	Unicorn-23753.exe
1232	Unicorn-38697.exe
2968	Unicorn-11500.exe
2072	Unicorn-10685.exe
2340	Unicorn-34635.exe
2460	Unicorn-26467.exe
1272	Unicorn-64868.exe
1772	Unicorn-6108.exe
2124	Unicorn-30058.exe
1396	Unicorn-63498.exe
932	Unicorn-61915.exe
1616	Unicorn-16244.exe
2324	Unicorn-27104.exe
2492	Unicorn-45579.exe
3056	Unicorn-46970.exe
2872	Unicorn-65444.exe
1592	Unicorn-61936.exe
2224	Unicorn-34478.exe
884	Unicorn-7281.exe
1096	Unicorn-15449.exe
2780	Unicorn-5890.exe
2580	Unicorn-39954.exe
2816	Unicorn-20088.exe
764	Unicorn-59305.exe
2208	Unicorn-61998.exe
2744	Unicorn-37816.exe
2884	Unicorn-12242.exe
2012	Unicorn-57167.exe
2244	Unicorn-6575.exe
2864	Unicorn-13373.exe
2392	Unicorn-48999.exe
2180	Unicorn-3244.exe
2140	Unicorn-48916.exe
2980	Unicorn-50307.exe
2148	Unicorn-5745.exe
2344	Unicorn-13358.exe
572	Unicorn-27557.exe
2628	Unicorn-64505.exe
1176	Unicorn-59606.exe
3036	Unicorn-32409.exe
2568	Unicorn-61552.exe
1604	Unicorn-15881.exe
2508	Unicorn-42523.exe
2336	Unicorn-22657.exe
1572	Unicorn-65081.exe
1088	Unicorn-1490.exe
844	Unicorn-19773.exe
1960	Unicorn-49108.exe
2536	Unicorn-15387.exe
2428	Unicorn-61059.exe
2776	Unicorn-63005.exe
2708	Unicorn-17334.exe
1600	Unicorn-32278.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2448	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	30
PID 2708 wrote to memory of 2448	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	30
PID 2708 wrote to memory of 2448	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	30
PID 2708 wrote to memory of 2448	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	30
PID 2448 wrote to memory of 2436	2448	Unicorn-15288.exe	31
PID 2448 wrote to memory of 2436	2448	Unicorn-15288.exe	31
PID 2448 wrote to memory of 2436	2448	Unicorn-15288.exe	31
PID 2448 wrote to memory of 2436	2448	Unicorn-15288.exe	31
PID 2708 wrote to memory of 2240	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	32
PID 2708 wrote to memory of 2240	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	32
PID 2708 wrote to memory of 2240	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	32
PID 2708 wrote to memory of 2240	2708	6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe	32
PID 2436 wrote to memory of 2908	2436	Unicorn-38807.exe	34
PID 2436 wrote to memory of 2908	2436	Unicorn-38807.exe	34
PID 2436 wrote to memory of 2908	2436	Unicorn-38807.exe	34
PID 2436 wrote to memory of 2908	2436	Unicorn-38807.exe	34
PID 2448 wrote to memory of 2628	2448	Unicorn-15288.exe	35
PID 2448 wrote to memory of 2628	2448	Unicorn-15288.exe	35
PID 2448 wrote to memory of 2628	2448	Unicorn-15288.exe	35
PID 2448 wrote to memory of 2628	2448	Unicorn-15288.exe	35
PID 2240 wrote to memory of 2988	2240	Unicorn-57836.exe	36
PID 2240 wrote to memory of 2988	2240	Unicorn-57836.exe	36
PID 2240 wrote to memory of 2988	2240	Unicorn-57836.exe	36
PID 2240 wrote to memory of 2988	2240	Unicorn-57836.exe	36
PID 2628 wrote to memory of 1952	2628	Unicorn-8874.exe	37
PID 2628 wrote to memory of 1952	2628	Unicorn-8874.exe	37
PID 2628 wrote to memory of 1952	2628	Unicorn-8874.exe	37
PID 2628 wrote to memory of 1952	2628	Unicorn-8874.exe	37
PID 2908 wrote to memory of 2204	2908	Unicorn-63550.exe	38
PID 2908 wrote to memory of 2204	2908	Unicorn-63550.exe	38
PID 2908 wrote to memory of 2204	2908	Unicorn-63550.exe	38
PID 2908 wrote to memory of 2204	2908	Unicorn-63550.exe	38
PID 2436 wrote to memory of 2376	2436	Unicorn-38807.exe	39
PID 2436 wrote to memory of 2376	2436	Unicorn-38807.exe	39
PID 2436 wrote to memory of 2376	2436	Unicorn-38807.exe	39
PID 2436 wrote to memory of 2376	2436	Unicorn-38807.exe	39
PID 2988 wrote to memory of 1116	2988	Unicorn-2097.exe	40
PID 2988 wrote to memory of 1116	2988	Unicorn-2097.exe	40
PID 2988 wrote to memory of 1116	2988	Unicorn-2097.exe	40
PID 2988 wrote to memory of 1116	2988	Unicorn-2097.exe	40
PID 2240 wrote to memory of 2024	2240	Unicorn-57836.exe	41
PID 2240 wrote to memory of 2024	2240	Unicorn-57836.exe	41
PID 2240 wrote to memory of 2024	2240	Unicorn-57836.exe	41
PID 2240 wrote to memory of 2024	2240	Unicorn-57836.exe	41
PID 1952 wrote to memory of 1988	1952	Unicorn-25808.exe	42
PID 1952 wrote to memory of 1988	1952	Unicorn-25808.exe	42
PID 1952 wrote to memory of 1988	1952	Unicorn-25808.exe	42
PID 1952 wrote to memory of 1988	1952	Unicorn-25808.exe	42
PID 2628 wrote to memory of 1232	2628	Unicorn-8874.exe	43
PID 2628 wrote to memory of 1232	2628	Unicorn-8874.exe	43
PID 2628 wrote to memory of 1232	2628	Unicorn-8874.exe	43
PID 2628 wrote to memory of 1232	2628	Unicorn-8874.exe	43
PID 1116 wrote to memory of 2968	1116	Unicorn-45159.exe	44
PID 1116 wrote to memory of 2968	1116	Unicorn-45159.exe	44
PID 1116 wrote to memory of 2968	1116	Unicorn-45159.exe	44
PID 1116 wrote to memory of 2968	1116	Unicorn-45159.exe	44
PID 2988 wrote to memory of 2072	2988	Unicorn-2097.exe	45
PID 2988 wrote to memory of 2072	2988	Unicorn-2097.exe	45
PID 2988 wrote to memory of 2072	2988	Unicorn-2097.exe	45
PID 2988 wrote to memory of 2072	2988	Unicorn-2097.exe	45
PID 2376 wrote to memory of 2340	2376	Unicorn-37545.exe	46
PID 2376 wrote to memory of 2340	2376	Unicorn-37545.exe	46
PID 2376 wrote to memory of 2340	2376	Unicorn-37545.exe	46
PID 2376 wrote to memory of 2340	2376	Unicorn-37545.exe	46

C:\Users\Admin\AppData\Local\Temp\6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe
"C:\Users\Admin\AppData\Local\Temp\6e11f43f61965eb164da824e10907121e9337718b020b464fde400aec3b90232.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17334.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
        13⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        15⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        16⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        17⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        18⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44042.exe
        19⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        11⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        13⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        14⤵
        Program crash
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        11⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        17⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        18⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        7⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10691.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12777.exe
        12⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        15⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        16⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        17⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        18⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        11⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        12⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        16⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        17⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        12⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        14⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        15⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
        16⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        12⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        14⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        15⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        16⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        17⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        18⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        14⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        17⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        11⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        13⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        14⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        15⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        17⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        18⤵
        
        PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29560.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22181.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
        16⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        18⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21183.exe
        20⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        13⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        14⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        15⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
        16⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        17⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        18⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        19⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        13⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        9⤵
        Program crash
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        10⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        11⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        13⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        15⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        16⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        17⤵
        Program crash
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13911.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        17⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        15⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        16⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        17⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        14⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45967.exe
        17⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        18⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        9⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
        11⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        13⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31634.exe
        15⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        17⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36518.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        14⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        15⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        16⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        13⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        15⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        16⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        17⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        18⤵
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3244.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21937.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        12⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        14⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        15⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        16⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        18⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        16⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        17⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        11⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        12⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        13⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        14⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        15⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        16⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        12⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        13⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        14⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        15⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        16⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        17⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        9⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        14⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        16⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        17⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        13⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3434.exe
        14⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        15⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16803.exe
        17⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        18⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 216
        16⤵
        Program crash
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        15⤵
        Program crash
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        14⤵
        Program crash
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        13⤵
        Program crash
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        12⤵
        Program crash
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        11⤵
        Program crash
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        12⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        13⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36844.exe
        15⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29631.exe
        16⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        17⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63699.exe
        15⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        16⤵
        
        PID:1820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        7⤵
        Program crash
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58221.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        15⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        16⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
        17⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        18⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        19⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        11⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        13⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14093.exe
        16⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
        17⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        18⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        19⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        17⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        18⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        15⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        16⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        17⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        7⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 200
        8⤵
        Program crash
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15881.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
        15⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        16⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        17⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
        18⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        14⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        16⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        16⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        17⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        19⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        14⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
        15⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        16⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        18⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34493.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        14⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        16⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        17⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        17⤵
        Program crash
        
        PID:280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        16⤵
        Program crash
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        15⤵
        Program crash
        
        PID:2988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        14⤵
        Program crash
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        7⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        8⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
        11⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        12⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 200
        13⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        10⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        12⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        14⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
        15⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        17⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        13⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        14⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        16⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        17⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        18⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe
        14⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        15⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        17⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        15⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        12⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        14⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
        15⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        17⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        15⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        16⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        17⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
        11⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9682.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        15⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        16⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        8⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 188
        9⤵
        Program crash
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22150.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32622.exe
        10⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        11⤵
        Program crash
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14448.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        14⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        15⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        16⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42936.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        15⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        16⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        17⤵
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1620.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38193.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        12⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3792.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1566.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        15⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        16⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17853.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        16⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        17⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        9⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
        11⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47539.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        14⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        16⤵
        
        PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe

Filesize
192KB

MD5
79dd271d45e45a816e23c8bd9408a656

SHA1
47e24df1fdca527cf56101f3aa03c22030e991db

SHA256
d08514129292e573a942f8307df71af1db5d1e4d0f7230c2e2c5bb53b87a8076

SHA512
a210f928beffb1de338e2dd7a041bb1b2ff043989938872ed35c7db8c282c02c2704335c59cc705d4cfc698832facc80450d5bab0065a3bafa39febbce0ba719

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe

Filesize
192KB

MD5
0dfc53c2eb1173512a0e703124a806b7

SHA1
a8d596f6a06eea3b13664d7447be97afd6b84688

SHA256
05783b276c637e6069c9f8b157aee25f859b391c6a78ae4429c1a532996ea0f1

SHA512
32c528d9a19b39a13054e4df466dedaa0a06b3227a17cac6b7c7979a4e49edbe0281d5d955938ec82dd4e4cf09274c70a6c599e4c98fe2628270d7654c225742

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe

Filesize
192KB

MD5
6b4c741fb3de0f02faeb0865b74ce432

SHA1
9a90d8b68d30fe92e5302bf4cab77ed954dcf41e

SHA256
958e09a93c42313b28f24d16461ccc0f53f346ca833c5a840b6642b3e9dd3daa

SHA512
12dd4510afa9a3486c86d0f9b45fe0d66b56ab0d3d254e4112e7e3449e444498ee7136b73b791825b79ea00aa8a595a73036b97ca88425c69501f2de521132d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe

Filesize
192KB

MD5
224854ec670293ced3fe632f54c1bde2

SHA1
426f33285d70d39ae7e04a85de600ded428f8d9b

SHA256
3f8fb3efbf5faf0766c27c7dd01a1f06c186ffb270c354d963946d13d583e659

SHA512
a96cf46abb1e89d14cafd56d95eb8f5345fd70e586a51ec307c64918ba2f4ed8cbf58a4122c6ba90db31d3d5d21e8b731219e06c31dfe564fd0895975d1d918a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe

Filesize
192KB

MD5
35c216b06ea82940cf97da2deb0acc94

SHA1
b65253203a55ba5f5b79b1d511ec230c4e5540e0

SHA256
032c4b1583f1cbae9049ffd73c9fca17bad82542fb20c2f6d3439bffda6f0a14

SHA512
3b258e896a2c1859ca3cc3a4ae1da1d0145ed12325e89bb7b8839ee6df668135a9c1a62ab802d10308ae4fe1b0676ab0287b616881c4bb9391544a3625c2963a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe

Filesize
192KB

MD5
4ec03cff2965c01a4c8deffdedc3290a

SHA1
f3ac5fce30aa11c3dd6b06d732aa275aa31efeef

SHA256
619932ce9546071ed821141d1a9ee561a2d1f258d68f1faf9ead20535742ce15

SHA512
2a3b5fc2b41c5db38537f2b3626cfad3f4fbb93c3d320daf7e0c5a682c4809f774bed5a9240535eabfa8fb73f0261037ee54061cbac089e7c0845b53580484b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe

Filesize
192KB

MD5
06cf764a473060f8e8a639c8fbecc5c7

SHA1
76d1a9498e02e4e119c014d1aebf9b6f9d0cb3b6

SHA256
9736bcfb60ce2a0c71c285cdaccce732cfa484f2f62b8fac32a153b6c70e83a1

SHA512
28b4fec844341cd1372d09eeb7687d860425a2beeb13c657ed93eff28014dbdb2238ffd0765475ec29102e366832c6a8ad343260e58f3ed5705e3e869662dd98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe

Filesize
192KB

MD5
472bed2d2fe42cf163c38744a8a96ce4

SHA1
11be47e41c53f2262a5caf81bcc2b41214aa37e5

SHA256
0cb0ec154ca3dde3770745d61a72266d6e05f9d85e22a77a935681e9aaa7d196

SHA512
0987db6ece6c3c5174e36cf5783d8c83f4924791f60b8b12487ccad3dfff6c9dd2c3361f0549f9a2e469438a7a6248d5ecec10d0e3c2e4affb1dc77acbeeb508

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe

Filesize
192KB

MD5
54e28390a0a26e7a74b55915d5d4a16e

SHA1
3bd26644f3089e70b1c6feb9db92211ef8b20b6d

SHA256
46695e9d5869c763cf8e52d61365c0c251bf11d3eeae02b8762a0737ad8b1c42

SHA512
982a0e48fc2dfb45fef1023314f0d68edb8dd138362c8a43708282f7679061dbd0c1917d323f080c1afff5836af40a17f2e07b358360ce182694234a5851f221

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe

Filesize
192KB

MD5
b1a9a3dc9835571f092aeac040594f89

SHA1
84aa6027b051db0beb9626ab38faa7950cf4bd24

SHA256
04888204b32412d0865f97ba2cf26a9d1292cdccf2e214c302d7b9cf9e7a3351

SHA512
2561946da49be13c8cc7e6d5007d8c575a2bd1a3041f67df1e5205a476f2bc41d20b799baccada74431b350805cc14c3b359bfaeadcc9c00ab5381ce8d4d1619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe

Filesize
192KB

MD5
bbdd147d848871132859d3ccfdca35a5

SHA1
f3ddfdbe2fa9c5419b2fcfe10d2d10a37698f290

SHA256
b4ff0d80398e19f19fd9dbbb7fc23b605b9361576b1b5d795b05d753df80eced

SHA512
1cb9d18f0d0f309eccb67b4234148b9f55a5f6bb2b322cc81b07a81ba82671f99d292ffa152103b57ca639b8f40b331fab582a98c5d87c9b7fd314c4386730fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe

Filesize
192KB

MD5
aff7deaaae800e375386fa8021c70fb6

SHA1
c34a459d497d776e0e0bb90e6410886d2f9aa413

SHA256
f97c94b704d7de91a4ecd5f2c8e0bfe8036f9296debc32dfb0ef4d0ef39b387d

SHA512
4a1d78f15ab747274508ff68a3b3ee7d6e0ac2e1be1ff6a85e7ed4bf5586e1a59a9744dfdd98fe4a01f01c31070091f5121f23cf7cabe6c122bf3f167cc5898b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe

Filesize
192KB

MD5
3dde55fee3c6c2d1982a737d394929c1

SHA1
9e636f928cfdd372c0f7f34386bdace210cb5f4d

SHA256
2216344b4758d3ebaf56d614e2576323ba17f63b93052e28034b3c9482766868

SHA512
58a9b5bd480e1ce5573ce544ac9a63c9d28043b587890db6dab5b2e3bdd67a0acf27476c05a738636c9fcc54ee139df7257e3a98ba9cd9fa5b876a613e1a5aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe

Filesize
192KB

MD5
43af6f2573f140f2ec53f7786afb1d63

SHA1
e48bb67d54fa6582db990cdd58fe9716b8bfc6c9

SHA256
5f58cfda7fd309732c473064c26481fbf75dc671aca361a35621c78d05aab331

SHA512
f2f56f0fc6fc629b662f3ffa71eac505d39ef76ce03acba47b5cfff7463b6614bb43af7679b6f1a3ad4e1ca4c1448800668325e40ca604da64ab73888495ff11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe

Filesize
192KB

MD5
663f5f1211a83e77bd8f0fb106486a5d

SHA1
dacdcb3f30c95fb606d71c9d58b9672a47e9cc71

SHA256
d5ad6cb040f70db48e8748761d412de04673dd0d3b8f7ebae8a0efa439db111a

SHA512
7b5d2379a1a04e812cdc45465184fdb7dd06f0d24017d66eded31d5663b9f08eb707dc02719731a8945ff1fcd7ece9e967bb62000b6e8f4453652ef46bfb8f07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe

Filesize
192KB

MD5
a145604bcdf18e04f89a9ff1a853de68

SHA1
7355a7a294ce77362befb8cd2e77b0d1825dbd08

SHA256
87e6680a3f054d65464336ad311dd8b76b2da6345cb6246a44250601ae8f11a9

SHA512
95da04fdd8252f2f60aa83ba92762de59048f8942408e14e888dc3f3f074f369cf4b9b6cfc3954918ff39a5e42fa3578d1828fefa7c950d60328b54ffcdd37be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe

Filesize
192KB

MD5
56e601bd2e02a3216cca46242d9597c1

SHA1
f157519b97e8dd005149ce4618e163865fa1079d

SHA256
3f24c97c8c23286aae9c3d2df8ca78e6325c94f73d8b5c122ae2968a2dd408a0

SHA512
00a5bb3a29f37ab97e9d65a3f4225b30ccecb0a57383e65e0cded29669a66365f380449e38ef0ad08278d4cb9a3dacf2d0c35bd6ab4ec607bd32a8e6924b491b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe

Filesize
192KB

MD5
6ac19cf651a5dd03e9cb7fc4a7ae6ba0

SHA1
3244e30eedf639e8acc880f3bf659dfce3335580

SHA256
fe8c5f5925da1223f4ff5b1dae3014d354036de62fcad2bce35eb97f49945353

SHA512
2343d242c6465d1c78a9949aeb2d52452b9ab82285b88399b6511fbf581a761946c61ec4b2d407a0b0938f46881a0f9945e2b85d67d6508af751b5512bcf104f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe

Filesize
192KB

MD5
4662e6d9597d43a9dd2b5ebf8febf8ea

SHA1
9fb360e34a6c41853abebd485e09f850a1146c5b

SHA256
0bb814e894c99ec0e672e85adbe5e47154e313a82086723f60d044ef53309990

SHA512
6eb4355a9d6e816ca47eabb4bc1216f15e2101d52a3f3490c544a87012f7b5c694e3bbdbb35d1b0bff838bc1c2f30bedc54f540efd266d6707c233255cd2bbce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe

Filesize
192KB

MD5
d9719b74336d594f3950e5270aecc5c7

SHA1
7b2deadac6e38e8d61f33e5f2af2e4d056fc8e7d

SHA256
b4c535db2762fe6d569c278922a0df3f07fe8f6a29cc2dacef034e790603539f

SHA512
8f529f3c23de5d47df2f79298ee77d192f5652379be5d911525d22ae103ae32ace756438a57e0be1ae60c4893f136b23a9df1a5cfff3513cde6e8e6c23ba219e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe

Filesize
192KB

MD5
2feb86f9fa0e6f495d77757a178f412e

SHA1
956f4b8bcfd9260c65bed6e31fdfc9e5a99872cd

SHA256
a68ea0d2b5b41f2538a1a51435a1487808148c9cfa51acc201b3f2f2b5693e5b

SHA512
6c297544ba96a41d2f196e6c87bf126443903479cb67c326ddbbfb6bca26ce9c9085dd95b9296ade4341d077a7c39b9426fe6ede65ee41ebb0e157df5a62f4cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe

Filesize
192KB

MD5
f8b1a14c194564879646845c9b682085

SHA1
97f8708788e613053053ccc40101dd61eac20a73

SHA256
3121ff0f934de5e95d3b025a8cddb2bdad6958c5376f023833093401eb815858

SHA512
0c14496742fe51892c53a3c74e3a8d1b7b73f04f127c24bd30fdbafe96cda77f8feef56ff85843068367b864c3af8a89a7f6195f59a9f977b25e941019facdad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe

Filesize
192KB

MD5
10545dc849839c766809de73fff2c8b6

SHA1
e9de6e543ef7400c3b605a6fdb4c031f84cf17ae

SHA256
79fa8488ed5d3019fce24def6c3461ea2925ab72e8fc46130ef0d7e92cd71dda

SHA512
a8f5cf4d73a001bc5ce934bd4b100ec865f4eed230bfbe917d6756d0ea05f653bd8a865a12983c5b1f9a67053c4d695ef41fee1514511e1af22a87f8cc37347a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe

Filesize
192KB

MD5
ca8bf810f17c173e03c79f15faf2050c

SHA1
fe38b17f51588b5ad4ecf7faedc939b7ade9c91b

SHA256
4f7d360a5cfa2aad5e9ee570bf207a0f4b43f6d97b364a074576044314e36cb3

SHA512
822eeec4a9038c8025a4c732ba63231b4200dc9dd4551e81c40d010f1e5326d31fe057ab0e3492d46548c72aadc56f1169d40b7dce4e1b11dac2a16be15d0aa1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe

Filesize
192KB

MD5
3437ea028561c3ee9a51f80e8e0b30d8

SHA1
677e91a62e113baeea965022cf1dda31538299a0

SHA256
94af486f1af92480830de277c8eb87e778e99a0081b34779893db85fea2e41d7

SHA512
0a95445dbd9d0f412272fa3b06040150f0a84b5201f4f63c9fc61b1d7ac7e9e369f44eafe5384fbdde5150e1db6d0fe5f9f5a571fa6ec90391b0d26d05590b1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe

Filesize
192KB

MD5
513c735497e1be83b4598ba43eeb10a4

SHA1
3e252440cfc307467f212c68ab52bc89af3d0ab2

SHA256
77f55f4606c3b147e8ff54441ef63c664956f87722a47d8e9b9e5130331bd0fb

SHA512
2d58be40e0f490196f239111c34e1e59bdb82922609fc9225232631ea50217dff6ef8b36af36aaf57a62d3959a909d08847176a42359daa8f8c04d6c9b475bfa

Download Submit
memory/1936-849-0x0000000002900000-0x0000000002A10000-memory.dmp

Filesize
1.1MB

Download
memory/1936-848-0x0000000002900000-0x0000000002A5C000-memory.dmp

Filesize
1.4MB

Download
memory/1936-847-0x0000000076CB0000-0x0000000076DAA000-memory.dmp

Filesize
1000KB

Download
memory/1936-846-0x0000000076B90000-0x0000000076CAF000-memory.dmp

Filesize
1.1MB

Download