a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
Size

184KB
MD5

13c5572d01ea0cc698810afc924c7a26
SHA1

88369b9abb31b03336672bbfe3d2a93f7041c048
SHA256

a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e
SHA512

594e4dcee0be5de89c0775f9791bfee9f212bc774f78e501cb0b8acc80ae75216c160887eab129abca94d7b0ba5cd993a971eec5a5e81a2e9d06bed05086eab3
SSDEEP

3072:6mRJtKoHjK3od7A4ki8Q8uYlAlvLqnxiuL:6mooWU7Aw8PlAlzqnxiu

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-57712.exe
2976	Unicorn-59959.exe
2120	Unicorn-43108.exe
2616	Unicorn-49669.exe
2900	Unicorn-3026.exe
2852	Unicorn-22892.exe
2504	Unicorn-56807.exe
2568	Unicorn-10258.exe
2024	Unicorn-38441.exe
648	Unicorn-25635.exe
1904	Unicorn-61187.exe
1340	Unicorn-43044.exe
2832	Unicorn-62910.exe
2400	Unicorn-16206.exe
1144	Unicorn-48302.exe
1748	Unicorn-44773.exe
2184	Unicorn-14368.exe
2160	Unicorn-37249.exe
2072	Unicorn-50056.exe
2932	Unicorn-19429.exe
1572	Unicorn-52101.exe
536	Unicorn-51395.exe
2532	Unicorn-24172.exe
1336	Unicorn-36978.exe
1528	Unicorn-7643.exe
1624	Unicorn-56460.exe
1580	Unicorn-2853.exe
2908	Unicorn-25407.exe
2240	Unicorn-54358.exe
2368	Unicorn-41551.exe
1768	Unicorn-57695.exe
456	Unicorn-4965.exe
2464	Unicorn-45459.exe
1584	Unicorn-9065.exe
3020	Unicorn-45267.exe
2264	Unicorn-25209.exe
2152	Unicorn-61219.exe
2620	Unicorn-44115.exe
2060	Unicorn-33098.exe
2736	Unicorn-33098.exe
3056	Unicorn-62241.exe
2652	Unicorn-62049.exe
2660	Unicorn-16378.exe
2720	Unicorn-31488.exe
2328	Unicorn-33757.exe
2984	Unicorn-50093.exe
568	Unicorn-33373.exe
1504	Unicorn-30720.exe
1744	Unicorn-124.exe
1736	Unicorn-16138.exe
2080	Unicorn-16461.exe
2740	Unicorn-36004.exe
108	Unicorn-29267.exe
2352	Unicorn-31998.exe
2084	Unicorn-33041.exe
2200	Unicorn-32849.exe
1104	Unicorn-28743.exe
1288	Unicorn-57195.exe
1844	Unicorn-19348.exe
592	Unicorn-26251.exe
1036	Unicorn-6302.exe
1360	Unicorn-61528.exe
1756	Unicorn-8798.exe
1416	Unicorn-62021.exe

Loads dropped DLL 64 IoCs

pid	Process
2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
3028	Unicorn-57712.exe
2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
3028	Unicorn-57712.exe
2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
2976	Unicorn-59959.exe
2976	Unicorn-59959.exe
3028	Unicorn-57712.exe
3028	Unicorn-57712.exe
2120	Unicorn-43108.exe
2120	Unicorn-43108.exe
2976	Unicorn-59959.exe
2616	Unicorn-49669.exe
2976	Unicorn-59959.exe
2616	Unicorn-49669.exe
2120	Unicorn-43108.exe
2120	Unicorn-43108.exe
2852	Unicorn-22892.exe
2852	Unicorn-22892.exe
2900	Unicorn-3026.exe
2900	Unicorn-3026.exe
2616	Unicorn-49669.exe
2616	Unicorn-49669.exe
2568	Unicorn-10258.exe
2568	Unicorn-10258.exe
2504	Unicorn-56807.exe
2504	Unicorn-56807.exe
648	Unicorn-25635.exe
648	Unicorn-25635.exe
2852	Unicorn-22892.exe
2852	Unicorn-22892.exe
2024	Unicorn-38441.exe
2024	Unicorn-38441.exe
1904	Unicorn-61187.exe
2900	Unicorn-3026.exe
2900	Unicorn-3026.exe
1904	Unicorn-61187.exe
1340	Unicorn-43044.exe
1340	Unicorn-43044.exe
2400	Unicorn-16206.exe
2400	Unicorn-16206.exe
2504	Unicorn-56807.exe
2504	Unicorn-56807.exe
2832	Unicorn-62910.exe
2832	Unicorn-62910.exe
2568	Unicorn-10258.exe
2568	Unicorn-10258.exe
2072	Unicorn-50056.exe
2072	Unicorn-50056.exe
2160	Unicorn-37249.exe
2160	Unicorn-37249.exe
1904	Unicorn-61187.exe
1904	Unicorn-61187.exe
1748	Unicorn-44773.exe
1748	Unicorn-44773.exe
648	Unicorn-25635.exe
648	Unicorn-25635.exe
1144	Unicorn-48302.exe
1144	Unicorn-48302.exe
2184	Unicorn-14368.exe
2184	Unicorn-14368.exe
2024	Unicorn-38441.exe
2024	Unicorn-38441.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
828	1744	WerFault.exe	78
1540	2428	WerFault.exe	184
3492	3720	WerFault.exe	235
5180	5912	WerFault.exe	497

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24635.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
3028	Unicorn-57712.exe
2976	Unicorn-59959.exe
2120	Unicorn-43108.exe
2616	Unicorn-49669.exe
2852	Unicorn-22892.exe
2900	Unicorn-3026.exe
2568	Unicorn-10258.exe
2504	Unicorn-56807.exe
2024	Unicorn-38441.exe
648	Unicorn-25635.exe
1904	Unicorn-61187.exe
2832	Unicorn-62910.exe
1340	Unicorn-43044.exe
2400	Unicorn-16206.exe
1748	Unicorn-44773.exe
2184	Unicorn-14368.exe
2072	Unicorn-50056.exe
1144	Unicorn-48302.exe
2160	Unicorn-37249.exe
2932	Unicorn-19429.exe
1572	Unicorn-52101.exe
536	Unicorn-51395.exe
2532	Unicorn-24172.exe
1336	Unicorn-36978.exe
1528	Unicorn-7643.exe
1624	Unicorn-56460.exe
1580	Unicorn-2853.exe
2908	Unicorn-25407.exe
2368	Unicorn-41551.exe
2240	Unicorn-54358.exe
1768	Unicorn-57695.exe
456	Unicorn-4965.exe
1584	Unicorn-9065.exe
2464	Unicorn-45459.exe
3020	Unicorn-45267.exe
2264	Unicorn-25209.exe
2152	Unicorn-61219.exe
2620	Unicorn-44115.exe
2060	Unicorn-33098.exe
2652	Unicorn-62049.exe
2736	Unicorn-33098.exe
2660	Unicorn-16378.exe
3056	Unicorn-62241.exe
2328	Unicorn-33757.exe
2984	Unicorn-50093.exe
2720	Unicorn-31488.exe
1504	Unicorn-30720.exe
568	Unicorn-33373.exe
2080	Unicorn-16461.exe
1736	Unicorn-16138.exe
1744	Unicorn-124.exe
2740	Unicorn-36004.exe
108	Unicorn-29267.exe
2352	Unicorn-31998.exe
2084	Unicorn-33041.exe
2200	Unicorn-32849.exe
1104	Unicorn-28743.exe
1288	Unicorn-57195.exe
1844	Unicorn-19348.exe
592	Unicorn-26251.exe
1036	Unicorn-6302.exe
1360	Unicorn-61528.exe
1756	Unicorn-8798.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3028	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	30
PID 2256 wrote to memory of 3028	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	30
PID 2256 wrote to memory of 3028	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	30
PID 2256 wrote to memory of 3028	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	30
PID 3028 wrote to memory of 2976	3028	Unicorn-57712.exe	31
PID 3028 wrote to memory of 2976	3028	Unicorn-57712.exe	31
PID 3028 wrote to memory of 2976	3028	Unicorn-57712.exe	31
PID 3028 wrote to memory of 2976	3028	Unicorn-57712.exe	31
PID 2256 wrote to memory of 2120	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	32
PID 2256 wrote to memory of 2120	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	32
PID 2256 wrote to memory of 2120	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	32
PID 2256 wrote to memory of 2120	2256	a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe	32
PID 2976 wrote to memory of 2616	2976	Unicorn-59959.exe	33
PID 2976 wrote to memory of 2616	2976	Unicorn-59959.exe	33
PID 2976 wrote to memory of 2616	2976	Unicorn-59959.exe	33
PID 2976 wrote to memory of 2616	2976	Unicorn-59959.exe	33
PID 3028 wrote to memory of 2900	3028	Unicorn-57712.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-57712.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-57712.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-57712.exe	34
PID 2120 wrote to memory of 2852	2120	Unicorn-43108.exe	35
PID 2120 wrote to memory of 2852	2120	Unicorn-43108.exe	35
PID 2120 wrote to memory of 2852	2120	Unicorn-43108.exe	35
PID 2120 wrote to memory of 2852	2120	Unicorn-43108.exe	35
PID 2976 wrote to memory of 2504	2976	Unicorn-59959.exe	36
PID 2976 wrote to memory of 2504	2976	Unicorn-59959.exe	36
PID 2976 wrote to memory of 2504	2976	Unicorn-59959.exe	36
PID 2976 wrote to memory of 2504	2976	Unicorn-59959.exe	36
PID 2616 wrote to memory of 2568	2616	Unicorn-49669.exe	37
PID 2616 wrote to memory of 2568	2616	Unicorn-49669.exe	37
PID 2616 wrote to memory of 2568	2616	Unicorn-49669.exe	37
PID 2616 wrote to memory of 2568	2616	Unicorn-49669.exe	37
PID 2120 wrote to memory of 2024	2120	Unicorn-43108.exe	38
PID 2120 wrote to memory of 2024	2120	Unicorn-43108.exe	38
PID 2120 wrote to memory of 2024	2120	Unicorn-43108.exe	38
PID 2120 wrote to memory of 2024	2120	Unicorn-43108.exe	38
PID 2852 wrote to memory of 648	2852	Unicorn-22892.exe	39
PID 2852 wrote to memory of 648	2852	Unicorn-22892.exe	39
PID 2852 wrote to memory of 648	2852	Unicorn-22892.exe	39
PID 2852 wrote to memory of 648	2852	Unicorn-22892.exe	39
PID 2900 wrote to memory of 1904	2900	Unicorn-3026.exe	40
PID 2900 wrote to memory of 1904	2900	Unicorn-3026.exe	40
PID 2900 wrote to memory of 1904	2900	Unicorn-3026.exe	40
PID 2900 wrote to memory of 1904	2900	Unicorn-3026.exe	40
PID 2616 wrote to memory of 1340	2616	Unicorn-49669.exe	41
PID 2616 wrote to memory of 1340	2616	Unicorn-49669.exe	41
PID 2616 wrote to memory of 1340	2616	Unicorn-49669.exe	41
PID 2616 wrote to memory of 1340	2616	Unicorn-49669.exe	41
PID 2568 wrote to memory of 2832	2568	Unicorn-10258.exe	42
PID 2568 wrote to memory of 2832	2568	Unicorn-10258.exe	42
PID 2568 wrote to memory of 2832	2568	Unicorn-10258.exe	42
PID 2568 wrote to memory of 2832	2568	Unicorn-10258.exe	42
PID 2504 wrote to memory of 2400	2504	Unicorn-56807.exe	43
PID 2504 wrote to memory of 2400	2504	Unicorn-56807.exe	43
PID 2504 wrote to memory of 2400	2504	Unicorn-56807.exe	43
PID 2504 wrote to memory of 2400	2504	Unicorn-56807.exe	43
PID 648 wrote to memory of 1144	648	Unicorn-25635.exe	44
PID 648 wrote to memory of 1144	648	Unicorn-25635.exe	44
PID 648 wrote to memory of 1144	648	Unicorn-25635.exe	44
PID 648 wrote to memory of 1144	648	Unicorn-25635.exe	44
PID 2852 wrote to memory of 1748	2852	Unicorn-22892.exe	45
PID 2852 wrote to memory of 1748	2852	Unicorn-22892.exe	45
PID 2852 wrote to memory of 1748	2852	Unicorn-22892.exe	45
PID 2852 wrote to memory of 1748	2852	Unicorn-22892.exe	45

C:\Users\Admin\AppData\Local\Temp\a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe
"C:\Users\Admin\AppData\Local\Temp\a0081941da89b0a19e5cdaa03b7e637956d241e0ac9efbe6dfe1000eec3aa90e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16378.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21778.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        10⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        11⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        12⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        12⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        11⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        11⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        11⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
        11⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        11⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        11⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        8⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        12⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
        13⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        13⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27171.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        11⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        11⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        10⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        11⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25093.exe
        11⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54890.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        10⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        11⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        12⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        11⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        11⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        11⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        11⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        9⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
        11⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        12⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        12⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        11⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        11⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        11⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8968.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        11⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        9⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57055.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3944.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        9⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        9⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        11⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        12⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        11⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        11⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        12⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
        12⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
        11⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29063.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25191.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        11⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        11⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        9⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        10⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22549.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        10⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        11⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        12⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        12⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        11⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48276.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        9⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        11⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        12⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        11⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        12⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        12⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        11⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        9⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 188
        10⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        11⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        9⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        10⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        11⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27125.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        10⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60027.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        9⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52149.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        8⤵
        
        PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        9⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        11⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        9⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        9⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        9⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        10⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
        9⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        10⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14290.exe
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        8⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        8⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60825.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        8⤵
        
        PID:5000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        8⤵
        Program crash
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
        8⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        9⤵
        Program crash
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
        9⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        8⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
        10⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        8⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 188
        10⤵
        Program crash
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        8⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        8⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        8⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12118.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2267.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        6⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64184.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23062.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        8⤵
        
        PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1532.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17213.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        9⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42642.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        8⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
        9⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        8⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        7⤵
        
        PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60343.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        9⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        8⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
        7⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61399.exe
        7⤵
        
        PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe

Filesize
184KB

MD5
4f227939c81dbf3fda86a3e2d4af07ab

SHA1
884d26ba6ecbafebc8308cda311113c489183639

SHA256
b859644df62d9934d8a9b8d5c9b0775d4ddac6f20be87c5d02adddb7a5ab3341

SHA512
4452e6498b7defebc716b1a90f9188b016d961a7b8cbd7cb142163ed647e081e22e15ef44174ef75e73030c81e99fea2b947154259a8408d190e6bc8c0109907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe

Filesize
184KB

MD5
ee4175394e4be9e330135e18a51ae23d

SHA1
fcbcec37e09b1605c6a015b62a6f2637e767282e

SHA256
79aefb0be8b38b56179a7c414da57565faddac1f48a3a5e2a92fd7d30dcf423e

SHA512
bbc0cbf5409926ff8a9347774624c6710213275e0597b9a0853f22b02bf6bc55c706624987db908394136e8d79f2639f9cefc1a2db7fa23a5dc5e1b860004feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe

Filesize
184KB

MD5
7d400fb9bcdf6dfda8e5cb5bff1a7d90

SHA1
02d0cb86b535449b59e85be27024394d6100a91f

SHA256
49137d53202b33fa09e495d7cc224ed674a602fe4f5f95529e5080c6d430ad93

SHA512
c17243b12a6479d36bce69d8cea756705b2c7031f46a6501283777a93300bdf047c4eb229361ef93666ac71a634152d8b2d99c8016adee126c357ca3cf7117b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25635.exe

Filesize
184KB

MD5
3cf562a2d91acc51ce2c470391f4ca1e

SHA1
121b1c34b4d1224dfa6c18d21c47a383fc0ed235

SHA256
359d0ce5597a921484d9684551ee31e0e257951e395f732df7fe2adad2d15d24

SHA512
8f868876722b6d89e12a9a00e75c0933d173fa4fa158611f8e495ac5c598d341837b7d9466d9681881e5ce27bf6708120e081c8da6d34b1d1e180cde9cce87ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe

Filesize
184KB

MD5
541c22509e66d4d64acef2f5e626cb84

SHA1
c1af0e77ce99572229954dd6f56fb0847f90ad83

SHA256
400928b916107e5541679b6151a5567a8a19b6fb07e3b7ba7d3f6adbec3b454b

SHA512
0f690787bb40c70f571fb564ca1334c077f45efe631a6329a235bbc1af2ddc265ba0f14fea3b79c5a048a246951d52ab550186e4ff0d541947bfffe6ae5a21e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe

Filesize
184KB

MD5
19bc0d5f7e718ca126a68e602df94f0b

SHA1
cc698f441a28b07583926e420f8b2ad2282e5621

SHA256
78bc70efa26182cc39cf1dd7642c417c696b7397bf76606a7af6bd9db2baf439

SHA512
8d5c1b81a7445f2690e9f1977988d7478647875e205731f7588d1dc1b027946a4657f0c0204f9377ffefe78ec106f7102eb279f249254dd50e8d9541cee0a9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe

Filesize
184KB

MD5
1d956459930d580a776df3e704c60fcc

SHA1
8aad21809937d166cf54a335a2ac636dbc9ca800

SHA256
520c9dc54aab8ee55a78c1e46f87a57abf345e6de313fc3ac1f0094dcbe10de4

SHA512
b844fe45fe188da4b52f52661efd9c4d4aaff45b1df7eaa2a14d677032cd963faf227135b6135eb4700811ada39febba6cf90ace6186263301262ccae02c39b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe

Filesize
184KB

MD5
0bba78ef8afc9f31bdb2b53c67d0f450

SHA1
d94a0650dca802b9460ff49ef240993c6d668555

SHA256
3f5263922f414c3a8c1fecedb837e13977429e64459e051b551daddbd0c49400

SHA512
4608bf3eec05e5a06ab7b9316a2bb6d63f84f52b0142f8314149a7708f23ad7778c9d766b12e6bc66698129af15dd34f3d831988cb81e106ed178a136715b22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe

Filesize
184KB

MD5
ce407d5ad744a679e69855e4ad39f0f4

SHA1
0b3817b3fc87f3d75a03de3f9345e8bc4241e169

SHA256
014b62ed1a123c8f4b30af560421333b62b0f7054c18d2a0933d977cbd594b6f

SHA512
a5bd4903fa29b8331185076ec993814ebe6647ec13cd98f457bf923db01efcd88f0a2acb0158908861dd0175ef976976fe47ecd929c8f18a68ad997f62595f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe

Filesize
184KB

MD5
85e85f652dd0d2b0e56e5d57499dfe8a

SHA1
1124e3489a448665036fc27db41d120703d111b3

SHA256
85f9cf1b3b18cfdd84aafd94155f47a4eb4e05a4e9cf246b9054c112e4be9c31

SHA512
d1bbdfb43c7ceb246cee76d4ed8e04f692a747117b27f4c022e0ca3c22a148b33f93fd06e06c8d6bb58568ca8273534f828634f12aefaf7978ec30293ba19b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe

Filesize
184KB

MD5
b0c00b49593ed10a2b4285c3c5228af9

SHA1
2d963ae921574be886905fba20b59c3a91a649a9

SHA256
560ae981c78f2deb9a56ab7779b094b87076fa5656dd5ad2793dcecfdde68434

SHA512
d92df45f70ec6580616ea24a81244e4e211cab02144017af4010b2f62897e4f34022d4260e18089734229fa476e00be520eec23ef220cfeb0a64522789364cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe

Filesize
184KB

MD5
fade458a8fbceb16f58fa75b56d39143

SHA1
21ff0c86488e8ce2f8767a3f921bdadffd7e56a2

SHA256
23152e562318da51f9724efc00d3af76aeb0128175ad7738a11ccac0339ee499

SHA512
1bfa95ca9677ada6ffa18ef758069a825180f4667018bd039dbaa5d4f32786bbcedf8d09bc6551e8d3eedf13d50259ae3e657400f42809a8f4cabfe2bd9c5632

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe

Filesize
184KB

MD5
9a80a08ae2d29bf5d1ce3e5913042423

SHA1
b32128bca81a5af82d544b7c845cbb8d9238b7a3

SHA256
9709af4f5b1805178a198f9e2a44a0c209f7e714540b76b529fa1699c21f81b4

SHA512
05d05f34068400954f88f4fba0ba5a85a7d7884043282bcc599cad2741231bf69ba1c00750d400bfcaa5714f0dd77941bea3d88830c7d6a823bd10f0b53b12f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe

Filesize
184KB

MD5
138a0c2503a34d97e283edffc8352388

SHA1
e84b65fd8d1fc5261bcefd831b1feb2164d1b7c5

SHA256
938716f03868e766d1fdfdc6e6d9b05e0f2e74f8fb41406e6fa989112e2816f9

SHA512
fd3694242ff96c153438394089971a241b544d7fff9eb0382adc9613f1c56bde28e95b4e051c60d16ad4b97356b2b560b855bf6de01efa0eb152dae981cf47ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe

Filesize
184KB

MD5
5ee18b05584e139a2bfdbf3cfe989043

SHA1
ae7f2b37ef803d6702e2b7757c79af5a6b4e96df

SHA256
9a2fafdb8cec2609eba46560a212309db9df44dfdd9e1247a9e08cde28fb4864

SHA512
45f29f831259f5ef160f7ffcd45032f5a6bc1f3202bf9c35e0b8468bc0c42f3deb0df397a985cd4421ca7f9ff4289ec78d093abd2d3adb9513a7180062a7769d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe

Filesize
184KB

MD5
0b40a8f7967f97cfb1d24fc29b4223cc

SHA1
297de9ee6b025c5fd67e08b24ec1953104257812

SHA256
a5c4af4449e79c45edeac72f31631d79b8eb6e223eb957811784f7c042c1f1e7

SHA512
ce2477122030c03974c1f8451f0d293de69f1838eab05aa2d03fa3554429dba6afd0e4d9ab8eb378f3a33c9bd5c87e9a36ff0f4104ae885d048d099fb033f88c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe

Filesize
184KB

MD5
9181af692026d826c07597dfb185f7b8

SHA1
e1d52a676c86126ba422bf4358dfa61629b0502b

SHA256
2c92ddb5d645339453e88e94dd4d6c602ac3bb5a6565a40c716cd5065e796ac9

SHA512
3a1f467bb4f3ecd51be859b289f4519f0d56ecbb178b7bbfd7c3b262e435e28966261f65f7eb70fade47ca36da55eea25a6f9ad38380eff09b1f687bbce8dd83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe

Filesize
184KB

MD5
493895908c0b7214366410ffe0e40519

SHA1
014c34a2398cae8ec5cf30caf91332a6670596d8

SHA256
7f2e76ef8f5e4c76a0f847c0ebcd06941f55fae03411b8541b10d4fb654a74ea

SHA512
9dc16e6b346ff3f6fbfb8dfa3075e5ed868184bc9e9279b77a859c077fb0b2370c76fcff9bbf7bc78ac139d7a8d38b80850f324b4b55e0ced409dcc12c32f9b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe

Filesize
184KB

MD5
0e4a7ed285a0d8f1bb003b40ff0a929f

SHA1
5faf977f51df4d62de4ad925e83ece86afb13460

SHA256
0639c784d9fc8706e45faf1ab64f8d8dec37ac7896d1d099b8fe4dc653befbe3

SHA512
9c01978caa743186048cdfd77879302aa6b498e10a9bb69feb864607ff320be274677e9a339bd5a46d45e72c0fb6ab514c34a0adf0063742be852ee200c06ada

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe

Filesize
184KB

MD5
f660be90e985954e3314444b4576d7fa

SHA1
5d0fc329dbf4c0de57ce2980b7671712d6d643b9

SHA256
e71bb6fb8c893d345b32eebd337d0b5f32a802d9a53c8628c35d76051b24799f

SHA512
73b6f5a9a025d36853329f511fef451af17acfe8566092f7c40d7201cb2e214e29a996c8fd91a8ff61410c585832b328447a55ec3f46e4e0c05215173fb68ca5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe

Filesize
184KB

MD5
ad448a891059b4a8b21c67fdcc8526c4

SHA1
342298e9b01b2e07a7bd37df3ba0754c9d68f212

SHA256
624542980b981f63766893cea6b358b014987cac710c27b0331945fec9de1f5c

SHA512
9602a4efd170196fed3ddaadcc5dd26888ffc682adbd7792c48c63b0349887bfffcebb58c73a48c5140a6b8bbf972a70ef3ede207f37542a20b4ac5471d6c4b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe

Filesize
184KB

MD5
d4c65b8d0a0c85b65064762a9443b4c0

SHA1
07b000fed3b19034a1dce64c56eefe503313396b

SHA256
acce7ca3b476f3ef5827be5c4aa8cf22b91e8d8ba59047344c3e7cab74b892b1

SHA512
09f1468c07ae8d958d0d3634fee38743b825af757ccd1cf04a8f87786425c77bf0c82f8f89d4435ef1dda0c8688f6b25d10e87575979e1ee91b8912a182b4d67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe

Filesize
184KB

MD5
1710e59d0b582165113146d61df81f47

SHA1
4ac9b7f0d29a34b3da189f1176695c5f1c97344e

SHA256
8fb673827c31e92ffef26a210695c5fe1e001d36c7d2c151b977327102132ffc

SHA512
057cd3264ada4db7325dc8808c68ca17c6af79a01f6a039821c65d141733aade4d31c8e0a4bd42a89aface56717f3d008757402b6eaddde4794ad3dbf172f6a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe

Filesize
184KB

MD5
eea1ff47b75e828b9a597ce746228b24

SHA1
a719d56d75ceb9d6831e37d025185187da69a79e

SHA256
b877353f13ab479ac1754313f6b5560410cfcc9ea50a84c64331550eb4a2a36c

SHA512
c6f20c39ecad2cd9977ff1cf5085577ace69116d603a4b8e27728c4ea2c5e6f7d252a2e576ddabdd613c9f975ec1c5565dc95fb6bdbbd78515b2c5816c0f1121

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe

Filesize
184KB

MD5
e853eb20b0780c3bd682f66811d8244f

SHA1
5bb4546149f9f128b5837d88e54e17a03e607cb1

SHA256
6e775050b21db554252bfb345b9a0df035976e600be4a8f510e999d9ef920515

SHA512
bf2aed7ccc96241bafc76244281c7c4bbb16244c85d0afca91779301ed9b1c89e48f82ce5f3bab4c1f669f774902e3a24489e3328c00eda167c43f4d45205f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe

Filesize
184KB

MD5
7119c7cfe3647f1c9503d36587902fd0

SHA1
75ac71eb6e2addc6a8dd02a059823516e076165d

SHA256
87f6aee7a078c12029aa8f506f042f53831c4f0cc8b7c9599f28e9aa139f1605

SHA512
e53445ec19c29177f96a1711ffd0f2dea2e87e41cdffc037f20e3c74dad1109d8e686b02133b9303db1e539f7e87c99870178e3a61bc339af120c4391a0c0884

Download Submit