2375f458a09b44b48ef625a0fc5dcc32f9ee9ffcf1de4f1dabe00ed6e7c089c7

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
Size

188KB
MD5

ad17a7edac1f86ce264ef7ad5615fc77
SHA1

8dcbeacfaff5b90acf71e49ab770836a8ecd1d3b
SHA256

2375f458a09b44b48ef625a0fc5dcc32f9ee9ffcf1de4f1dabe00ed6e7c089c7
SHA512

f050e6150707e8516add736c87f2bb4f9691f125e0cd682dc6ef42b28dfa0d3b0af68592b3a1696e0217803fad7428cc821c8c75067f3c430c69270b4f00029f
SSDEEP

3072:ztkDo6vo9AkvOj9dfIc/zFXxUT64TZT8gYx8kPOODlPdpF8:ztUojqkv+dAc/z4FXgDlPdpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-17483.exe
2616	Unicorn-54877.exe
2608	Unicorn-9205.exe
2440	Unicorn-49252.exe
2200	Unicorn-26694.exe
2476	Unicorn-49807.exe
1468	Unicorn-41167.exe
2660	Unicorn-41913.exe
2752	Unicorn-4410.exe
1612	Unicorn-35137.exe
2204	Unicorn-58250.exe
1600	Unicorn-19917.exe
688	Unicorn-13372.exe
2260	Unicorn-41406.exe
2992	Unicorn-22932.exe
2392	Unicorn-949.exe
1668	Unicorn-46621.exe
2904	Unicorn-13201.exe
1308	Unicorn-19978.exe
1628	Unicorn-54810.exe
1884	Unicorn-61587.exe
2040	Unicorn-62978.exe
2832	Unicorn-6185.exe
1416	Unicorn-60025.exe
1480	Unicorn-61416.exe
2984	Unicorn-57332.exe
988	Unicorn-155.exe
2956	Unicorn-23268.exe
268	Unicorn-35520.exe
1700	Unicorn-28744.exe
1676	Unicorn-59470.exe
2524	Unicorn-55749.exe
2664	Unicorn-55469.exe
2412	Unicorn-4877.exe
2432	Unicorn-24743.exe
2136	Unicorn-14436.exe
2892	Unicorn-14436.exe
2860	Unicorn-41825.exe
1152	Unicorn-8406.exe
2596	Unicorn-39495.exe
2132	Unicorn-36803.exe
2712	Unicorn-36803.exe
1340	Unicorn-64192.exe
580	Unicorn-26689.exe
680	Unicorn-26689.exe
2384	Unicorn-47109.exe
2616	Unicorn-53886.exe
2084	Unicorn-5261.exe
1764	Unicorn-48240.exe
2244	Unicorn-33295.exe
2812	Unicorn-42209.exe
584	Unicorn-62075.exe
2028	Unicorn-61774.exe
684	Unicorn-61774.exe
1380	Unicorn-36563.exe
1800	Unicorn-43108.exe
2116	Unicorn-31410.exe
2628	Unicorn-8852.exe
2988	Unicorn-49330.exe
2276	Unicorn-35516.exe
1728	Unicorn-13512.exe
2960	Unicorn-60020.exe
1540	Unicorn-38208.exe
2708	Unicorn-62158.exe

Loads dropped DLL 64 IoCs

pid	Process
656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
2784	Unicorn-17483.exe
2784	Unicorn-17483.exe
2616	Unicorn-54877.exe
2616	Unicorn-54877.exe
2608	Unicorn-9205.exe
2608	Unicorn-9205.exe
2784	Unicorn-17483.exe
2784	Unicorn-17483.exe
2440	Unicorn-49252.exe
2440	Unicorn-49252.exe
2616	Unicorn-54877.exe
2616	Unicorn-54877.exe
2476	Unicorn-49807.exe
2476	Unicorn-49807.exe
2200	Unicorn-26694.exe
2200	Unicorn-26694.exe
2608	Unicorn-9205.exe
2608	Unicorn-9205.exe
1468	Unicorn-41167.exe
1468	Unicorn-41167.exe
2440	Unicorn-49252.exe
2440	Unicorn-49252.exe
2660	Unicorn-41913.exe
2660	Unicorn-41913.exe
1612	Unicorn-35137.exe
1612	Unicorn-35137.exe
2200	Unicorn-26694.exe
2752	Unicorn-4410.exe
2200	Unicorn-26694.exe
2752	Unicorn-4410.exe
2204	Unicorn-58250.exe
2204	Unicorn-58250.exe
2476	Unicorn-49807.exe
2476	Unicorn-49807.exe
1600	Unicorn-19917.exe
1600	Unicorn-19917.exe
1468	Unicorn-41167.exe
1468	Unicorn-41167.exe
688	Unicorn-13372.exe
688	Unicorn-13372.exe
2260	Unicorn-41406.exe
2260	Unicorn-41406.exe
2660	Unicorn-41913.exe
2660	Unicorn-41913.exe
1668	Unicorn-46621.exe
1668	Unicorn-46621.exe
2392	Unicorn-949.exe
2392	Unicorn-949.exe
2904	Unicorn-13201.exe
2904	Unicorn-13201.exe
2752	Unicorn-4410.exe
2752	Unicorn-4410.exe
2204	Unicorn-58250.exe
2204	Unicorn-58250.exe
1308	Unicorn-19978.exe
1308	Unicorn-19978.exe
2992	Unicorn-22932.exe
2992	Unicorn-22932.exe
1612	Unicorn-35137.exe
1612	Unicorn-35137.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1240	2088	WerFault.exe	122
2540	1808	WerFault.exe	160
444	2568	WerFault.exe	169
2304	1080	WerFault.exe	361
2360	2552	WerFault.exe	385
1844	2080	WerFault.exe	422

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53518.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-636.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64123.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
2784	Unicorn-17483.exe
2616	Unicorn-54877.exe
2608	Unicorn-9205.exe
2440	Unicorn-49252.exe
2476	Unicorn-49807.exe
2200	Unicorn-26694.exe
1468	Unicorn-41167.exe
2660	Unicorn-41913.exe
2752	Unicorn-4410.exe
1612	Unicorn-35137.exe
2204	Unicorn-58250.exe
1600	Unicorn-19917.exe
688	Unicorn-13372.exe
2260	Unicorn-41406.exe
2992	Unicorn-22932.exe
2392	Unicorn-949.exe
1668	Unicorn-46621.exe
2904	Unicorn-13201.exe
1308	Unicorn-19978.exe
1628	Unicorn-54810.exe
1884	Unicorn-61587.exe
2040	Unicorn-62978.exe
2832	Unicorn-6185.exe
1416	Unicorn-60025.exe
1480	Unicorn-61416.exe
2984	Unicorn-57332.exe
988	Unicorn-155.exe
2956	Unicorn-23268.exe
268	Unicorn-35520.exe
1676	Unicorn-59470.exe
2524	Unicorn-55749.exe
2432	Unicorn-24743.exe
2664	Unicorn-55469.exe
2412	Unicorn-4877.exe
2892	Unicorn-14436.exe
2136	Unicorn-14436.exe
2860	Unicorn-41825.exe
1152	Unicorn-8406.exe
2132	Unicorn-36803.exe
2712	Unicorn-36803.exe
2596	Unicorn-39495.exe
1340	Unicorn-64192.exe
1864	Unicorn-61499.exe
580	Unicorn-26689.exe
680	Unicorn-26689.exe
2384	Unicorn-47109.exe
2616	Unicorn-53886.exe
2084	Unicorn-5261.exe
1764	Unicorn-48240.exe
2244	Unicorn-33295.exe
2812	Unicorn-42209.exe
584	Unicorn-62075.exe
2028	Unicorn-61774.exe
684	Unicorn-61774.exe
1380	Unicorn-36563.exe
1800	Unicorn-43108.exe
2116	Unicorn-31410.exe
2628	Unicorn-8852.exe
2988	Unicorn-49330.exe
2276	Unicorn-35516.exe
1728	Unicorn-13512.exe
2960	Unicorn-60020.exe
1540	Unicorn-38208.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 2784	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	29
PID 656 wrote to memory of 2784	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	29
PID 656 wrote to memory of 2784	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	29
PID 656 wrote to memory of 2784	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	29
PID 656 wrote to memory of 2616	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	30
PID 656 wrote to memory of 2616	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	30
PID 656 wrote to memory of 2616	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	30
PID 656 wrote to memory of 2616	656	ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe	30
PID 2784 wrote to memory of 2608	2784	Unicorn-17483.exe	31
PID 2784 wrote to memory of 2608	2784	Unicorn-17483.exe	31
PID 2784 wrote to memory of 2608	2784	Unicorn-17483.exe	31
PID 2784 wrote to memory of 2608	2784	Unicorn-17483.exe	31
PID 2616 wrote to memory of 2440	2616	Unicorn-54877.exe	32
PID 2616 wrote to memory of 2440	2616	Unicorn-54877.exe	32
PID 2616 wrote to memory of 2440	2616	Unicorn-54877.exe	32
PID 2616 wrote to memory of 2440	2616	Unicorn-54877.exe	32
PID 2608 wrote to memory of 2200	2608	Unicorn-9205.exe	33
PID 2608 wrote to memory of 2200	2608	Unicorn-9205.exe	33
PID 2608 wrote to memory of 2200	2608	Unicorn-9205.exe	33
PID 2608 wrote to memory of 2200	2608	Unicorn-9205.exe	33
PID 2784 wrote to memory of 2476	2784	Unicorn-17483.exe	34
PID 2784 wrote to memory of 2476	2784	Unicorn-17483.exe	34
PID 2784 wrote to memory of 2476	2784	Unicorn-17483.exe	34
PID 2784 wrote to memory of 2476	2784	Unicorn-17483.exe	34
PID 2440 wrote to memory of 1468	2440	Unicorn-49252.exe	35
PID 2440 wrote to memory of 1468	2440	Unicorn-49252.exe	35
PID 2440 wrote to memory of 1468	2440	Unicorn-49252.exe	35
PID 2440 wrote to memory of 1468	2440	Unicorn-49252.exe	35
PID 2616 wrote to memory of 2660	2616	Unicorn-54877.exe	36
PID 2616 wrote to memory of 2660	2616	Unicorn-54877.exe	36
PID 2616 wrote to memory of 2660	2616	Unicorn-54877.exe	36
PID 2616 wrote to memory of 2660	2616	Unicorn-54877.exe	36
PID 2476 wrote to memory of 2752	2476	Unicorn-49807.exe	37
PID 2476 wrote to memory of 2752	2476	Unicorn-49807.exe	37
PID 2476 wrote to memory of 2752	2476	Unicorn-49807.exe	37
PID 2476 wrote to memory of 2752	2476	Unicorn-49807.exe	37
PID 2200 wrote to memory of 1612	2200	Unicorn-26694.exe	38
PID 2200 wrote to memory of 1612	2200	Unicorn-26694.exe	38
PID 2200 wrote to memory of 1612	2200	Unicorn-26694.exe	38
PID 2200 wrote to memory of 1612	2200	Unicorn-26694.exe	38
PID 2608 wrote to memory of 2204	2608	Unicorn-9205.exe	39
PID 2608 wrote to memory of 2204	2608	Unicorn-9205.exe	39
PID 2608 wrote to memory of 2204	2608	Unicorn-9205.exe	39
PID 2608 wrote to memory of 2204	2608	Unicorn-9205.exe	39
PID 1468 wrote to memory of 1600	1468	Unicorn-41167.exe	40
PID 1468 wrote to memory of 1600	1468	Unicorn-41167.exe	40
PID 1468 wrote to memory of 1600	1468	Unicorn-41167.exe	40
PID 1468 wrote to memory of 1600	1468	Unicorn-41167.exe	40
PID 2440 wrote to memory of 688	2440	Unicorn-49252.exe	41
PID 2440 wrote to memory of 688	2440	Unicorn-49252.exe	41
PID 2440 wrote to memory of 688	2440	Unicorn-49252.exe	41
PID 2440 wrote to memory of 688	2440	Unicorn-49252.exe	41
PID 2660 wrote to memory of 2260	2660	Unicorn-41913.exe	42
PID 2660 wrote to memory of 2260	2660	Unicorn-41913.exe	42
PID 2660 wrote to memory of 2260	2660	Unicorn-41913.exe	42
PID 2660 wrote to memory of 2260	2660	Unicorn-41913.exe	42
PID 1612 wrote to memory of 2992	1612	Unicorn-35137.exe	43
PID 1612 wrote to memory of 2992	1612	Unicorn-35137.exe	43
PID 1612 wrote to memory of 2992	1612	Unicorn-35137.exe	43
PID 1612 wrote to memory of 2992	1612	Unicorn-35137.exe	43
PID 2200 wrote to memory of 1668	2200	Unicorn-26694.exe	44
PID 2200 wrote to memory of 1668	2200	Unicorn-26694.exe	44
PID 2200 wrote to memory of 1668	2200	Unicorn-26694.exe	44
PID 2200 wrote to memory of 1668	2200	Unicorn-26694.exe	44

C:\Users\Admin\AppData\Local\Temp\ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad17a7edac1f86ce264ef7ad5615fc77_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        9⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        10⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        12⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        13⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        14⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25810.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        16⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        19⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        13⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        14⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        15⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        16⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        17⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42209.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        8⤵
        Executes dropped EXE
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
        9⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        10⤵
        Program crash
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        13⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        15⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        16⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        9⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        11⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        12⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        13⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        15⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        16⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        9⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        10⤵
        Program crash
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        12⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        14⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        17⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        18⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
        10⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        14⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27580.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        16⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        17⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        18⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        15⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        16⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        17⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        13⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        15⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        10⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34987.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        17⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
        11⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        12⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        14⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        18⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        16⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
        17⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        9⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        13⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        14⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        15⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        17⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        16⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        16⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        11⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        15⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        16⤵
        Program crash
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        14⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        15⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        16⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        9⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        11⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        12⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        14⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        17⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        13⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        14⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        15⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        16⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
        11⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        15⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        16⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        9⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        10⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27348.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-636.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        16⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        11⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        12⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        13⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        15⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        17⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65363.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        15⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        16⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        12⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
        15⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        16⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        17⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        12⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
        13⤵
        Program crash
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        5⤵
        Executes dropped EXE
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        9⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        10⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        11⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        15⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        16⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        15⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        13⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33297.exe
        13⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
        14⤵
        Program crash
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        11⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        12⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        14⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        16⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        12⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        13⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
        11⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        13⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        14⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        15⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        16⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        17⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        10⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        13⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        14⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        15⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        16⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        17⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        13⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        15⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
        16⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        8⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        15⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        16⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        17⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11971.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
        10⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
        12⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        14⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        15⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        16⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        12⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        13⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        14⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        16⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26002.exe
        13⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        14⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        15⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43667.exe
        17⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        10⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        11⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        12⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        13⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
        14⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        15⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        16⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        17⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        13⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        16⤵
        
        PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54836.exe
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        11⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        14⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        15⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52634.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        17⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        18⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        15⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        13⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        16⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20519.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        14⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        15⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        16⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        6⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        13⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        14⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
        15⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        16⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
        15⤵
        
        PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        11⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        12⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        14⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        16⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        15⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        16⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
        7⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
        8⤵
        Program crash
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        13⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        15⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        17⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
        6⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        13⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        14⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        16⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        13⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        14⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        13⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5607.exe
        14⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
        15⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47704.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        12⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        13⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        14⤵
        
        PID:280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        11⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        13⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        14⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        14⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        15⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        12⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        15⤵
        
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe

Filesize
188KB

MD5
23bba970f29f3d5bf1768d08301d718f

SHA1
e1c61a6aad33dbfe5993a072d6cd111c1210cde1

SHA256
999102c511ffbfcd3c2766bb999b18204e8705e52622baffe36f501d1ce3febe

SHA512
4c0b6cadaa412fdc4c8b944077e1df5f1ad13adfe93ce4e3a78d9d7bf4e2def654bc5fb0984d705d8410facb6636815326c007e01df8a908dc28334f1fb540a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe

Filesize
188KB

MD5
19a4e38c85da297c720deb6e25ba3d83

SHA1
324af7595ca40810910b7a48233c59766f71aff3

SHA256
65722bf0cb8f866e09d73c67446fe997a1d08a24cf0d9480b027b914ccbae6ca

SHA512
6d9fe2ee287c5fdf5499b9be01a5a70442a794e4a17ef2a58646d40dd391119b98788b0cae39c46a345b02be451ee9fd65711e5236be92eea0e4cb03d22916a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe

Filesize
188KB

MD5
95759a8bda65a6ee3d170de983dedfb5

SHA1
ae13199ac7abc6b62f57323198abc7608df33d5a

SHA256
7dd039c304be7bd86a6d73bb943eb7bc06bb7fc591ee542b74a41153a6a00968

SHA512
06af6654ac89145663489e18f940dca680a5a45eecb9733092ea2f853363ceed9f92c64e979ae9862c68f8a5c1618357cf1c3534b102cfc9a7e930d4533c867b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe

Filesize
188KB

MD5
1bad363b57c2edc709027e5de59d7b5d

SHA1
a2854d4012e61c011df83efa1c4726058479be14

SHA256
491b769c56460a6c5e66a35a0820efdada91f8c36d85438abaa7cdd2175c7b55

SHA512
cd6f3a7bb75eeb0c715e6b1d059fed6d80b6ddfd6d8b58edea4a1c1adb57cec2d6a25f6e200a3bc0ac7d2cb51845493d5fa4f8ee6d6d45502b677e9c736bcc2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe

Filesize
188KB

MD5
d5fca87489db0639ad2e02da14aa5e39

SHA1
9b1093f537ecde383d115803f84b062b5fe3c16b

SHA256
62a7373ab7111a442ebd075b6a71f997dfbe8b054f9e7b9cb9319f425f0f9b5b

SHA512
f687f4df125ecb8158829aeaed7b409d1b9f11e9ec66c91fa468400b4ff47a7dd5f5b520ceb53fa027a4744208803401c163ce23fac5606e2136322fbefa6cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe

Filesize
188KB

MD5
33cef300fc12ab4c9edb9e3369ec2e9c

SHA1
8e10ad574706039ac0a5f496785097497e1f6c79

SHA256
a6ea12d39b7040e0f845beba53926841cb34197ff6c2ae85b622b2d48f2b0697

SHA512
a330a03122b755e55982e4bc6c67cf74cdbfe05d5d2ce438b96ebdab2f6c1b8c84b60c1654c2fb73b4071cf38a3431da1afb2955eacf243506edcc7768866771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe

Filesize
188KB

MD5
321cce265493f077f125fb1c37d22d21

SHA1
101464a401d8a8f760ab60a3e21a742ba6390b5d

SHA256
aa4cb52a461d632974bba353bf00b1ea5ef828777ed1c99c8d218b2ae99905c0

SHA512
1cd5410df713ef986e1364ba379753673e9c0cfcb64e96b4c016f1b8063181576d12d236f6c3c3962329fbee1dd5e7dc5b322b10a734a3d268a82971e50d8c7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe

Filesize
188KB

MD5
f62f70e9b87343a059aba7b22615451c

SHA1
ff45f4d50fe0b1a4641e72a1bacd5d419b0f8e5c

SHA256
cb5b8cd169986036682ccff711da2ae82ef364cabcc0953df01f294bd56246f5

SHA512
33f9bd64c509b7b14fbd7ea03da9e7ae30745c18eea3227a1ab93d59f52d93f797eb6629e5ec52f46846000eecd36615d20097a6b1fe512fc0a413141ae5c2b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe

Filesize
188KB

MD5
2c0148832afe4c9e0294e2dd53ffd029

SHA1
e0e8d520419c07f9a018027ca106173770b9318a

SHA256
f40c82045cc47d67cbcc94b1b6494e998b2fa5839f0bb1f4d5ed34c43034e2e8

SHA512
9616bd8791055e40b2c2f4caaa74306fe68d31e1758cd3e02489a228e336e2739f6822376cdd0889b14cc30482a5a1bf74d877a2b031c9ff21f048dde1e2a503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe

Filesize
188KB

MD5
45e0ef51e58173c2736b3267c0f9f9bc

SHA1
3cf2c7cea811fe2dc2f0701abd32c76ff35576c8

SHA256
3209e927cec8d4ce50d401301bcc52b9b9a6c277b9d02be39c517f4176170a9f

SHA512
2f933cdd6eff2be429e87551c527751d0794bf2991c8e9bad6c89c565a7ed0d9fa191068ed7fa049425584aad54f347a147881ca0e69fa2e11b032132b33b0a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe

Filesize
188KB

MD5
d2409a67347473857afd72d8ac406bc6

SHA1
cb9a9c302ca98acdcb7ba3747f5635eae14be64b

SHA256
cba6c02d9e2d12eff9cfb5d6c305cd3f849c5c39d86a866938d71ce13a970985

SHA512
507a3593e4462633fd4d24c5e3658e1b36dfb4b6023ff61293510124898092130da65c2aaec9ffca7a095cc76601858e0b200424321203db37770e8fcf025cf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe

Filesize
188KB

MD5
ce1b050723fe342a21a3b9f5605b1455

SHA1
11668df31fe41679f900aefb699819f465bb02cb

SHA256
9052ce9dc3338a308388ebde2c849082654391da0a52300ba61d11f4d0f8e59a

SHA512
2a4f2fe2c248777e4703c774afd01a2e60bedb321419b8ba12ffafda153486b1a71e11d7f2bfc71ef4ecedbd74581767147710248852a6a96a172fad49d51bd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe

Filesize
188KB

MD5
35146c0077f872693edee778fb9396e6

SHA1
6b544ede36b60f9221a94932a31592392598c80f

SHA256
6ae0cc54924890f7a1000c53401743580f6322c7b9766c2f3b5a9939c1ec47d9

SHA512
709e362f87802defaccfb82a841d832337006ccee7d6d1a60ad69315746e80b548c4a6b11bee275d8c225399b27dd0c66cc112d74cae0a29bff1ffd64d237e06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe

Filesize
188KB

MD5
0b44da8c2cb39f6e2d038a68052a31d3

SHA1
d749437c330d8eeb738a7865105fcc2ee7b15fdb

SHA256
857ee1d5810b84a6e3cc507d1e15083c8aa4de258605a7a87ac1ab6f693fb4ae

SHA512
25e3949cae2ea47c715cd3dc3a4f4576a52c345a0952946c37b944c62eccee3e85266d7f481758729700233a2f2f27df8d76f8f0f3b86e3f09cd8d30f22e9615

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe

Filesize
188KB

MD5
61654fdeaa09c4ea163ab7ed0234877d

SHA1
d4464537901c07760bcd919a6fbd4e5347933dfe

SHA256
1f82c70e5d2b3ff57ea63312ee83a658ee8a56aa5451e84da53de44c78be1484

SHA512
d7373bf7a5ad2bae405cd8a9e366fc3efe5c3dc734a6d2c848fce5eadc19a2c09ffd16e8f8a2d320d7922fcaa2d7c0a90828d93c8e3f1ae2c17c8f718174abc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe

Filesize
188KB

MD5
663178e6dee4273b00569c2ab1dece1b

SHA1
e854c63f26f66a7b0f27ba2aab4205124db98aa0

SHA256
f16eee593fbbd15e10dc8c5d9b962b6790296be76d4c70c2bdf354c8c7132f73

SHA512
1f7cc2215c25783456204b204ef37c15672dc9dbd837ffa2abea744a65898bac9c609ddb4e509d27be671378c354e590d7726891583bbb661c8035a98669c4bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe

Filesize
188KB

MD5
5daa422d1852a494c7f3fc940f368546

SHA1
c1cb5c97ae5eabdfcdb385fdd0a56ac8ce22b965

SHA256
e9075d82ecb4e4bb5c087d9ca926373ba3271c880cc180eecd16b38c8725100d

SHA512
9caeb7c1f19b8e9e1355452491c2391cf5d177dae01b4a4fec989eaaf952eeca620f21bc57b4ae3ccd95426716491ba161c935ac03360bdac2388c1cdefbc71e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe

Filesize
188KB

MD5
e15dde38d72f32504eb5ab6335622e09

SHA1
b7c1e1b5410dd5c26698544d8ea57ea1c552c219

SHA256
34f9846b0f37ea0b959b7495028656457fc8c81acfb925c4ef800a5cf1e76fa2

SHA512
a0eff1e1c4ff03d5ec5ca3ae2f3f0fd284b7d5bb0b4402812984bf9c9e8f9e0a9d0e5c6cb386b3668251a8ef4d5864b65cdaecb07a4df8506436d8436cdc3cd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe

Filesize
188KB

MD5
41f04077685b64628dc8921aed54bb8b

SHA1
6cd58f3469dd7b06ce7235e4e3f0f3429e8ecfcc

SHA256
116cb47491a23907596dcefd5734d6310cbed110b9fe479951e87776ac5cb0ca

SHA512
092a73dab250911f9f7f7bc474ed6d76d94ad960beb3354e2d5ab0789617471d3568b47c501ac87f810afb1c5db7692cc82a615bc3756b8259bb5af425171912

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe

Filesize
188KB

MD5
d268256ad05583478453e453d98abdf9

SHA1
d3e8fb80f01d9b7e8561171050f1da2d36a05af6

SHA256
679e8aea6c27cffd91a3ee73f5da180c8a40006f63447a99fdf021f99af74735

SHA512
011970e4d9020aee6542a9528ac4ea94253eef72b77d3b7a9a8020800f6c5f58b9762b526ab799490aa8a8af570116b682ee9a6bd1bb800087c6e7a4322cdd31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe

Filesize
188KB

MD5
ca19ed9e91127df1081d7a52c933617b

SHA1
3789f95f493077326502a34e344ba8ad5d92ff93

SHA256
261e194da4da87df7041ffdb57acb6449ad02f58dc5885a532fab1195d703570

SHA512
4103fd6bdc3b5e61049683124536b3044863f71120ed493c1999d199f1b59ca25b62cb3d601004c412cd6d2f945f77015805932ebb43cf7cdad2f8fcd70ed832

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe

Filesize
188KB

MD5
49b670d974344b4cd6862dbcc7694c5a

SHA1
7f4d82ebc01ab9551edd05c738751d2bcee61b89

SHA256
c31b46be8f73edd58f3131cfe4a56db18675c16880ccd70bcc130fff81a1f0e2

SHA512
7621fcfcaf13b8af471c363d513986aab4a4c7d3c14ed2969ed9eeb47192951e539e586e5de2761b71cf2b492668f10508c5c6f27b49f5ce6c723e93a3ba1e91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe

Filesize
188KB

MD5
8ea514f331b53ee9bfc4ee48426e3ad1

SHA1
0272b3b9736f3860fcff590ca6c834781fb07529

SHA256
635caeba337c278e2d49c0b6617667d4e35080c49c2809a4f4c555c771e00ac5

SHA512
14e4b051c2f25b45a56179b15255c71a51648e0c5ed63c0cc67d6ef9c9b9d6ab3bb74bc79a44f30a079504f1b6f911a6eae6339e483ca5ac2a19325c2f0870e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe

Filesize
188KB

MD5
afac466bd279b7ac72046ce4825eadd5

SHA1
d381ba0530027296abd5d61c7de349f34272bba9

SHA256
278e75b28b1c43857392e024ce0fdac889f2778591f85ca961e838f245e0ab24

SHA512
21e0288a7b5df6724d72cc9abcf62d9bbc4b8d14e3f375695fd677213288ff0d5fe8dc37390e05e2edadefdfccc7b8c662c92b035df07bfe0de272dbed5a0536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-949.exe

Filesize
188KB

MD5
3017f741686593d72b1f5f169228c98c

SHA1
a48349e73d785b4f9a4eca6b6ed6cfbdb8a44593

SHA256
a8057143bbe676e1f9a7b4865e18b5ec2a8fcc9184f75839a2b035f96c54f8a5

SHA512
995b180f05a0cdadf5873d1a1f703adb4348e35f8995e3260c7600f32a7077a80eee2706dc8f5e37cc710866f8428eea08e064ae42845ffe4cc49d1dd34f34df

Download Submit
memory/1700-619-0x00000000773B0000-0x00000000774AA000-memory.dmp

Filesize
1000KB

Download
memory/1700-622-0x0000000001C70000-0x0000000001C9E000-memory.dmp

Filesize
184KB

Download
memory/1700-621-0x0000000002640000-0x0000000002750000-memory.dmp

Filesize
1.1MB

Download
memory/1700-620-0x0000000002940000-0x0000000002A9C000-memory.dmp

Filesize
1.4MB

Download
memory/1700-618-0x0000000077290000-0x00000000773AF000-memory.dmp

Filesize
1.1MB

Download