cbb9ff260e322272dfc54d2293b88cdd665db83bfbfaa39779b8ce52f4bee175

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
Size

188KB
MD5

091e335d2b9b67d9ae9dac1e53cf2546
SHA1

01b64536be8afe9b19feba59716cb0957532ab59
SHA256

9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777
SHA512

602e65d335994eeb8fbfecc9a2d3deed0cb8a2c91eace6f21daec30f0fe98a7768f1413402c102e945bd60fc43b01b43fa2172d2b1ba65721933135b3d02c948
SSDEEP

3072:BBJIod4mCJtHdyp1d3kQY88lFRnrT0krfWNxulzEYNlxvwFr:BBOor2hdgdUQY8beDjNlxvwF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2120	Unicorn-10414.exe
2168	Unicorn-46626.exe
2700	Unicorn-10424.exe
2832	Unicorn-11535.exe
2612	Unicorn-65375.exe
2956	Unicorn-3175.exe
2620	Unicorn-55879.exe
2172	Unicorn-60518.exe
2280	Unicorn-14846.exe
1460	Unicorn-7254.exe
1956	Unicorn-11893.exe
552	Unicorn-38277.exe
1304	Unicorn-54613.exe
1748	Unicorn-13424.exe
2932	Unicorn-24053.exe
2224	Unicorn-28691.exe
2200	Unicorn-48557.exe
3008	Unicorn-40197.exe
764	Unicorn-4872.exe
2456	Unicorn-33648.exe
896	Unicorn-60975.exe
1080	Unicorn-7327.exe
2992	Unicorn-28302.exe
1644	Unicorn-23664.exe
2800	Unicorn-31832.exe
2312	Unicorn-27342.exe
836	Unicorn-30872.exe
2516	Unicorn-32303.exe
2328	Unicorn-52169.exe
2304	Unicorn-52169.exe
1944	Unicorn-32879.exe
1360	Unicorn-42470.exe
2764	Unicorn-60430.exe
2868	Unicorn-14758.exe
2744	Unicorn-47815.exe
2608	Unicorn-60622.exe
2660	Unicorn-43325.exe
2776	Unicorn-13990.exe
576	Unicorn-10269.exe
3056	Unicorn-30711.exe
584	Unicorn-19013.exe
2508	Unicorn-22351.exe
3040	Unicorn-64486.exe
1700	Unicorn-56318.exe
1296	Unicorn-19732.exe
1188	Unicorn-15093.exe
1908	Unicorn-7501.exe
1652	Unicorn-52981.exe
800	Unicorn-14408.exe
2208	Unicorn-10111.exe
2492	Unicorn-40510.exe
1856	Unicorn-40510.exe
1044	Unicorn-54246.exe
860	Unicorn-60376.exe
2612	Unicorn-60376.exe
1768	Unicorn-60376.exe
348	Unicorn-60376.exe
1244	Unicorn-43355.exe
2460	Unicorn-9073.exe
1860	Unicorn-28939.exe
2244	Unicorn-1481.exe
328	Unicorn-13178.exe
1684	Unicorn-37683.exe
2672	Unicorn-57698.exe

Loads dropped DLL 64 IoCs

pid	Process
2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
2120	Unicorn-10414.exe
2120	Unicorn-10414.exe
2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
2168	Unicorn-46626.exe
2168	Unicorn-46626.exe
2120	Unicorn-10414.exe
2120	Unicorn-10414.exe
2700	Unicorn-10424.exe
2700	Unicorn-10424.exe
2832	Unicorn-11535.exe
2832	Unicorn-11535.exe
2168	Unicorn-46626.exe
2168	Unicorn-46626.exe
2612	Unicorn-65375.exe
2612	Unicorn-65375.exe
2956	Unicorn-3175.exe
2956	Unicorn-3175.exe
2700	Unicorn-10424.exe
2700	Unicorn-10424.exe
2172	Unicorn-60518.exe
2172	Unicorn-60518.exe
2280	Unicorn-14846.exe
2280	Unicorn-14846.exe
2612	Unicorn-65375.exe
2612	Unicorn-65375.exe
1460	Unicorn-7254.exe
1460	Unicorn-7254.exe
2956	Unicorn-3175.exe
2956	Unicorn-3175.exe
1956	Unicorn-11893.exe
1956	Unicorn-11893.exe
2620	Unicorn-55879.exe
2620	Unicorn-55879.exe
2832	Unicorn-11535.exe
2832	Unicorn-11535.exe
552	Unicorn-38277.exe
552	Unicorn-38277.exe
2172	Unicorn-60518.exe
2172	Unicorn-60518.exe
3008	Unicorn-40197.exe
3008	Unicorn-40197.exe
2620	Unicorn-55879.exe
2200	Unicorn-48557.exe
2620	Unicorn-55879.exe
2200	Unicorn-48557.exe
1748	Unicorn-13424.exe
1748	Unicorn-13424.exe
1956	Unicorn-11893.exe
1956	Unicorn-11893.exe
2932	Unicorn-24053.exe
2932	Unicorn-24053.exe
1460	Unicorn-7254.exe
2224	Unicorn-28691.exe
1304	Unicorn-54613.exe
1460	Unicorn-7254.exe
1304	Unicorn-54613.exe
2224	Unicorn-28691.exe
2280	Unicorn-14846.exe
2280	Unicorn-14846.exe
2456	Unicorn-33648.exe
2456	Unicorn-33648.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
632	1944	WerFault.exe	61
1276	944	WerFault.exe	114
1660	3040	WerFault.exe	73
572	2812	WerFault.exe	101
2240	1856	WerFault.exe	213
1080	3012	WerFault.exe	255
2032	1608	WerFault.exe	362
984	2124	WerFault.exe	446
2536	2832	WerFault.exe	527

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24878.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51327.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
2120	Unicorn-10414.exe
2168	Unicorn-46626.exe
2700	Unicorn-10424.exe
2832	Unicorn-11535.exe
2612	Unicorn-65375.exe
2956	Unicorn-3175.exe
2172	Unicorn-60518.exe
2280	Unicorn-14846.exe
2620	Unicorn-55879.exe
1460	Unicorn-7254.exe
1956	Unicorn-11893.exe
552	Unicorn-38277.exe
1304	Unicorn-54613.exe
1748	Unicorn-13424.exe
2932	Unicorn-24053.exe
2224	Unicorn-28691.exe
2200	Unicorn-48557.exe
3008	Unicorn-40197.exe
764	Unicorn-4872.exe
2456	Unicorn-33648.exe
896	Unicorn-60975.exe
1080	Unicorn-7327.exe
1644	Unicorn-23664.exe
2992	Unicorn-28302.exe
2800	Unicorn-31832.exe
2312	Unicorn-27342.exe
836	Unicorn-30872.exe
2304	Unicorn-52169.exe
2516	Unicorn-32303.exe
2328	Unicorn-52169.exe
1944	Unicorn-32879.exe
1360	Unicorn-42470.exe
2764	Unicorn-60430.exe
2868	Unicorn-14758.exe
2744	Unicorn-47815.exe
2608	Unicorn-60622.exe
2660	Unicorn-43325.exe
2776	Unicorn-13990.exe
576	Unicorn-10269.exe
3056	Unicorn-30711.exe
584	Unicorn-19013.exe
2508	Unicorn-22351.exe
3040	Unicorn-64486.exe
1700	Unicorn-56318.exe
1188	Unicorn-15093.exe
1296	Unicorn-19732.exe
1908	Unicorn-7501.exe
800	Unicorn-14408.exe
2208	Unicorn-10111.exe
1652	Unicorn-52981.exe
1768	Unicorn-60376.exe
1856	Unicorn-40510.exe
2492	Unicorn-40510.exe
860	Unicorn-60376.exe
1044	Unicorn-54246.exe
2612	Unicorn-60376.exe
348	Unicorn-60376.exe
1244	Unicorn-43355.exe
2460	Unicorn-9073.exe
1860	Unicorn-28939.exe
2244	Unicorn-1481.exe
1684	Unicorn-37683.exe
328	Unicorn-13178.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2120	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	30
PID 2052 wrote to memory of 2120	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	30
PID 2052 wrote to memory of 2120	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	30
PID 2052 wrote to memory of 2120	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	30
PID 2120 wrote to memory of 2168	2120	Unicorn-10414.exe	32
PID 2120 wrote to memory of 2168	2120	Unicorn-10414.exe	32
PID 2120 wrote to memory of 2168	2120	Unicorn-10414.exe	32
PID 2120 wrote to memory of 2168	2120	Unicorn-10414.exe	32
PID 2052 wrote to memory of 2700	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	33
PID 2052 wrote to memory of 2700	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	33
PID 2052 wrote to memory of 2700	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	33
PID 2052 wrote to memory of 2700	2052	9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe	33
PID 2168 wrote to memory of 2832	2168	Unicorn-46626.exe	34
PID 2168 wrote to memory of 2832	2168	Unicorn-46626.exe	34
PID 2168 wrote to memory of 2832	2168	Unicorn-46626.exe	34
PID 2168 wrote to memory of 2832	2168	Unicorn-46626.exe	34
PID 2120 wrote to memory of 2612	2120	Unicorn-10414.exe	35
PID 2120 wrote to memory of 2612	2120	Unicorn-10414.exe	35
PID 2120 wrote to memory of 2612	2120	Unicorn-10414.exe	35
PID 2120 wrote to memory of 2612	2120	Unicorn-10414.exe	35
PID 2700 wrote to memory of 2956	2700	Unicorn-10424.exe	36
PID 2700 wrote to memory of 2956	2700	Unicorn-10424.exe	36
PID 2700 wrote to memory of 2956	2700	Unicorn-10424.exe	36
PID 2700 wrote to memory of 2956	2700	Unicorn-10424.exe	36
PID 2832 wrote to memory of 2620	2832	Unicorn-11535.exe	37
PID 2832 wrote to memory of 2620	2832	Unicorn-11535.exe	37
PID 2832 wrote to memory of 2620	2832	Unicorn-11535.exe	37
PID 2832 wrote to memory of 2620	2832	Unicorn-11535.exe	37
PID 2168 wrote to memory of 2172	2168	Unicorn-46626.exe	38
PID 2168 wrote to memory of 2172	2168	Unicorn-46626.exe	38
PID 2168 wrote to memory of 2172	2168	Unicorn-46626.exe	38
PID 2168 wrote to memory of 2172	2168	Unicorn-46626.exe	38
PID 2612 wrote to memory of 2280	2612	Unicorn-65375.exe	39
PID 2612 wrote to memory of 2280	2612	Unicorn-65375.exe	39
PID 2612 wrote to memory of 2280	2612	Unicorn-65375.exe	39
PID 2612 wrote to memory of 2280	2612	Unicorn-65375.exe	39
PID 2956 wrote to memory of 1460	2956	Unicorn-3175.exe	40
PID 2956 wrote to memory of 1460	2956	Unicorn-3175.exe	40
PID 2956 wrote to memory of 1460	2956	Unicorn-3175.exe	40
PID 2956 wrote to memory of 1460	2956	Unicorn-3175.exe	40
PID 2700 wrote to memory of 1956	2700	Unicorn-10424.exe	41
PID 2700 wrote to memory of 1956	2700	Unicorn-10424.exe	41
PID 2700 wrote to memory of 1956	2700	Unicorn-10424.exe	41
PID 2700 wrote to memory of 1956	2700	Unicorn-10424.exe	41
PID 2172 wrote to memory of 552	2172	Unicorn-60518.exe	42
PID 2172 wrote to memory of 552	2172	Unicorn-60518.exe	42
PID 2172 wrote to memory of 552	2172	Unicorn-60518.exe	42
PID 2172 wrote to memory of 552	2172	Unicorn-60518.exe	42
PID 2280 wrote to memory of 1304	2280	Unicorn-14846.exe	43
PID 2280 wrote to memory of 1304	2280	Unicorn-14846.exe	43
PID 2280 wrote to memory of 1304	2280	Unicorn-14846.exe	43
PID 2280 wrote to memory of 1304	2280	Unicorn-14846.exe	43
PID 2612 wrote to memory of 1748	2612	Unicorn-65375.exe	44
PID 2612 wrote to memory of 1748	2612	Unicorn-65375.exe	44
PID 2612 wrote to memory of 1748	2612	Unicorn-65375.exe	44
PID 2612 wrote to memory of 1748	2612	Unicorn-65375.exe	44
PID 1460 wrote to memory of 2932	1460	Unicorn-7254.exe	45
PID 1460 wrote to memory of 2932	1460	Unicorn-7254.exe	45
PID 1460 wrote to memory of 2932	1460	Unicorn-7254.exe	45
PID 1460 wrote to memory of 2932	1460	Unicorn-7254.exe	45
PID 2956 wrote to memory of 2224	2956	Unicorn-3175.exe	46
PID 2956 wrote to memory of 2224	2956	Unicorn-3175.exe	46
PID 2956 wrote to memory of 2224	2956	Unicorn-3175.exe	46
PID 2956 wrote to memory of 2224	2956	Unicorn-3175.exe	46

C:\Users\Admin\AppData\Local\Temp\9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe
"C:\Users\Admin\AppData\Local\Temp\9ddec834eb53d233223e982606ef84d6296d2c578e848ce541849b3a5044b777.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        12⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        13⤵
        Program crash
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9073.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        11⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        12⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55236.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        15⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        16⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        18⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        19⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34221.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
        14⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        15⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        17⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        19⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        20⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        21⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        19⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        14⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        15⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 200
        16⤵
        Program crash
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        15⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        17⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
        10⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        12⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        13⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        16⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
        19⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        20⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        21⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        16⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        17⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
        18⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        20⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 212
        9⤵
        Program crash
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 232
        8⤵
        Program crash
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        14⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
        15⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        16⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        17⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        18⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        19⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        10⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        12⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        13⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        11⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
        15⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        17⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        18⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1506.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51303.exe
        14⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        15⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        16⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        17⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        18⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        15⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        17⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58453.exe
        18⤵
        
        PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33648.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42470.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61985.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42348.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        15⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        17⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        18⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        19⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        20⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        16⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        17⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        18⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        19⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        13⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        15⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
        17⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        18⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63628.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        16⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        18⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        19⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        11⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        11⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34413.exe
        12⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        15⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
        16⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        17⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
        18⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
        19⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        12⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        13⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        13⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        15⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        16⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
        19⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
        18⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        15⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        17⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8100.exe
        18⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        12⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        14⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        16⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        17⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        18⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        15⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        16⤵
        
        PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        9⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        13⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        15⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        16⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        18⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        19⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        20⤵
        Program crash
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8689.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        10⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        12⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        13⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        15⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        17⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
        18⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
        13⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        14⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        15⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        16⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        17⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        18⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        19⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        20⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        21⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        12⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        14⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        6⤵
        Program crash
        
        PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        7⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 200
        8⤵
        Program crash
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50921.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        13⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        14⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        16⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
        17⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        13⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        15⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        16⤵
        
        PID:1772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        17⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        18⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        20⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        19⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        7⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        16⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        17⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50243.exe
        18⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        19⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        12⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        15⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38401.exe
        18⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        19⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        13⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42035.exe
        15⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        17⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        18⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        19⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39734.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        11⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        12⤵
        Program crash
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        11⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        13⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        15⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        16⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62526.exe
        17⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        18⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        17⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        6⤵
        Executes dropped EXE
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        11⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        13⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        14⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        16⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15385.exe
        17⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        18⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        13⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        14⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        15⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        18⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        14⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 200
        15⤵
        Program crash
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        12⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20359.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        15⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        16⤵
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-161.exe
        15⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        16⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        17⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        18⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        19⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        14⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        15⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        16⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        17⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        18⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        14⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        15⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        16⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        17⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        18⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        14⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39067.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
        17⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9252.exe
        18⤵
        
        PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        11⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        12⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        13⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        14⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        15⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        16⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        17⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        18⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        19⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9844.exe
        13⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
        14⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        15⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        16⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        17⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        18⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19910.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        11⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51896.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41770.exe
        13⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        15⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        16⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15822.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        17⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        16⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        12⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        13⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        15⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        16⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        17⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        18⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10395.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        12⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        13⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        15⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        16⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        17⤵
        
        PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12037.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47796.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        12⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        13⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        14⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        13⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        14⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        16⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
        17⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        14⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        15⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40357.exe
        16⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        17⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        18⤵
        
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe

Filesize
188KB

MD5
fdc6b182a1158df6931c2c1062b99de1

SHA1
0572037c7ea101e14a77a806e088a098ce450da8

SHA256
9aa3e348e768771bf7571c62b4404ad68de6351be1c2be3830e7a6cae47fb8a5

SHA512
cba12f4c6e912810838d469371c6480f01181bafcd3e1cad24e7d303e48e685a5887479146cec21e7c2a7c4d608b02d0807ef0cd013618afd97e974fa8af65c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe

Filesize
188KB

MD5
7172270f17b25d73cd1243591eed1482

SHA1
b8d81726697a886f41877f1b43fb19d3c82a80f4

SHA256
bf2283d09c77eaeb0b954a0c33d4778f2c2384c18f9b9fa866b280d3e40c4ec1

SHA512
1c57b8316444de7d375b0f0122b878534f4764dc52e92450cfac27755d8e5f6939cd5a024e19d25eab8e47aaf89ceebff7e13c1084f202f16c5c90e3ef6605b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe

Filesize
188KB

MD5
8ccb41d0a3514a4edaf1477e5d2035a5

SHA1
74f3dbb8c170971fe8e0597db48578fd0d7cf622

SHA256
7eced0d714883a1c0a0313f2c3552e879b39b3db2d7184f55fdf94d53e07025d

SHA512
2ee7fdc450ccf20ffd7e43b65d84da332d98c0f62dd31c3148bbcc90b8c2a6fc1a08c2d714fc9c7f73ff27b86d8d4d7b72fa95f3cea9dfbcd9100ebfac90e266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe

Filesize
188KB

MD5
04d9ddcf0cfdf9c697752ed6535f8707

SHA1
12dcd5b456a9dccf8abf2224d0e04f923b7f564d

SHA256
856158f664421d460866d37cdeb4957c84ab0b228ef89321e52914e095de331d

SHA512
f705a206621ac084623844820735ec1a126b830993479a61e37649714ee29cddba8b8d9addcf17285b4f16413161879a92876cbfc5cef13e2f23d94de595fe17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe

Filesize
188KB

MD5
d6b8c99b713033db9e305317fdda0d41

SHA1
08e80ec4178679f5bdfd034714ff76a8352c29a1

SHA256
f84d689905c2b23472c9010883d4f1cd5ab30251892007682ef324a33ae45144

SHA512
09e48405382b995687ff9f09ebcfd6ee10bc4025c0d4d145b3677419e4435b3ec1434daf6d4de62611bb69714c146b92f82ef06c73519b40af4502508fe0dccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe

Filesize
188KB

MD5
983ed36fd2c505ee1bea68e6d68aebd6

SHA1
f995c81fd37e8ad26e63b476fbb0d6a02c14a172

SHA256
f7a9a2e00d86bfc3a32f26827062eb7f4f954f750bf529047b0a09a723932775

SHA512
83ee81da9259d65ab7558162cd60326894b619edb4c763ced4052a62a15c1993e58d282da7c5ce96a58cc0e77e7d37208905cabcf99f4f640d2d168326d3d72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe

Filesize
188KB

MD5
b978c51eccaab4359d580840e63825bc

SHA1
6be53394d3714e0d34a2ff954cbc7116447f728c

SHA256
3998fb60194c3d3e27019e697f864c22ac307e70e2d683dfb1fa4f3575576fa4

SHA512
ead6302e9a2c845b732308ce5d4753f6c3bc28077082d20493aaded6d65ee0e2933cd0baca4c2e5e2510b604dbd62843cf7ef33d5827b3094dab12e94346cca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe

Filesize
188KB

MD5
784068fd7dede9f2757a7cdd4423edff

SHA1
0daa0e53fa6d5f165805fb1fc6a597e70ddfb656

SHA256
915b7fb6e929c2dea4a608bb99ac88eec96b298497aee6337cd1629892f4992b

SHA512
68ab909e1f67ef9d8fbed4752be023a7ef71c108cbf36881f6c7d1ef7ef3f216f4086497b62e84ed0ce7f31ba0154f088fa19e80ca1080616c2c7bf73f0366c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe

Filesize
188KB

MD5
a615311880169dfbda4fa40abf26bf94

SHA1
8d1c02087eb392b7c40b82275134b9264aed6a4b

SHA256
98664c222d20ada4e4ee9afc2cdd1c0703a5f976022755b75555ed0e7d783c3f

SHA512
9881de8fa2535fb4399502aa9f1581e2f37b5b966adbe97444057dfd1fa4a47a6dd40271f229fbd1b57ba38269ce6d4ad5ca28a9aad8815a5a71957edaa5a7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe

Filesize
188KB

MD5
560e68ba3bfb8ba739d9613bd9b46b5f

SHA1
aa6e601da8c15c486c5298088d966a7b9f5d31e4

SHA256
d1f9817d7fba2264a08884045580ab080ff6be51d6ab9053818e929b01082609

SHA512
644da9c39c35662e17773081fdc3280dce044a0ae4cfacb533b613f687cd21b572741a7fa13cb840c3e9216c4f2ac477c628163928e8b66e52bccb6b571d82ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe

Filesize
188KB

MD5
02ba75037f489c04f7d7539fbceeaad3

SHA1
758c68c4fc5ea1e63054222e3fe2259d44e7c97a

SHA256
04f2ff838aa4ad117b2b8ceb5f5e87196f6a2d97785e22b6c0734b3819af8d9b

SHA512
e2f31c1319a4184fbb9859d9e6b3c08fa809fb662e7104b23483e115cf6f9e1846336b0de5f416bf9c1dbf2525045376a3d2be4bd46b2ff93f65f7b08318e82d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe

Filesize
188KB

MD5
b2882ed5361478660ea612717c0769ba

SHA1
6ce80682125a043dfce200c4b74ddbc8e41efb9b

SHA256
8cb056bce5cad52a2f35cc3ebf41d6a6f96b84fbba3756af4c2fd375c3c732cf

SHA512
68c9b1d942d884b1ec4e593da2729ce624dd2618c7b05783a11f736935cf6baa826304993e08fd0b243ed68650b5808520e973d4a517ccd56800fc822e703431

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe

Filesize
188KB

MD5
7abba17aa72f8462f19d877fa1beefd9

SHA1
7e2a8b9ce4e26144c80b3083e8ca8da972125445

SHA256
3cdff33e7b9f1e6a0b18348115b794a205abf97ab49900beb444e9daf7963cec

SHA512
310aa4ac608a2712c77d44111334741d5014ad0443b124347035d9e9bb6f14f2949332da9e209f2d9979ec26345ffde40360133f1651a59b22e544b009f29e89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe

Filesize
188KB

MD5
ad97ec43bb21585624b2782232e0671d

SHA1
a71e9fc5c39a1637be3009ff6c8df5c4b094aeaf

SHA256
b5534bca424b2b53bee790af3fad100536f37de290c94fcfa6cad041203d496a

SHA512
c95b93291c9c0f436b297c27c729f54240093aaeddaec7b24fcb1712d5575b7c6a7471fff5d78c70e9a0911b43f858f5b83ffa8b354f975032ad8d73abb82ee7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe

Filesize
188KB

MD5
83a11db9a13b3953aaaf175af7d618e1

SHA1
8e889d33b15fe97cf054ec4f57abb1f5bbfdf382

SHA256
6305efb57eafa3bb2317c3f1481e18bfb65122f963a1e4d9d96b81fb74a9148b

SHA512
4839272d7d9b83c22ea45264c915542cf3d5a4f5b1c96f2081284727902ce1df3aca75ea568015d0c6f61f98173aa922abb52d8191682ef00a9cba717b165654

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe

Filesize
188KB

MD5
9f690f6c46bb382f26085917b2c4bc0e

SHA1
c58167f2af6c430d2701d50fe276b878ff699a84

SHA256
880b144550e2f8eb62ba90a78a155f695e3c3a21df5e23e845bc8dd61729daa4

SHA512
29c6340f54f8148d0dbc77185a3a3e3cb3f87d70e8cb04d1e4b50a7576818aa822601233d5121e31e7f62638eb529774903db45970da010dfba6e11e440c9c17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe

Filesize
188KB

MD5
77f4e461f16936bdcc17b57f0c91ddd8

SHA1
22093f72eab82ac8e8682b677420bf4c88d8f84c

SHA256
3074a622bad94d671c018c461b7ec6175f0808c2924e0ed74392ea2585eeca41

SHA512
55c61edec498f38ac0e372b261877a6945c63cc6cce75bbc9b4b284522c5180edf5e44be7736b85b2b3eff14fcad78283d7b806bbdab551275dc30cff29f79a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe

Filesize
188KB

MD5
e8b0484fa738cec10753330b1bba99ec

SHA1
0ca1513b77d3353bc1e605cb9283a995816303fd

SHA256
4335bd1540683cd8b7ac7db2247df5ac7b2dce616389e34f9b08c3bd953a8841

SHA512
984d8f20dd61474735d80310d6af85aee6e9f566d61b4276d9f618c593c285c12e5f8df438caa9138d0428305ce853da0035b0a8081741887494be4d23126422

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe

Filesize
188KB

MD5
2036333fd6969838f4d1c96e4b01477e

SHA1
c48c8694c9ba199a3f0e8d8b62ad613cbd38740f

SHA256
3fe66751d790931fd0a6eae7baf72712f7011b52bfb2c39b03b340746032a268

SHA512
3adf0f0a016a0e50629481e48a2476256eb099a2ff5c982345bb0fc8d1e237e2827d55737a7055b8b4abc81f3f92a1f148ae59829186bc17243d837e87b57a45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe

Filesize
188KB

MD5
4278185238667de727a29c3818ccc61b

SHA1
802c7fe3a47e34513c7667ec3cdd10163779ed96

SHA256
7cd212dcbacb37eaa43f54483e5ae7f0e47ef7523d3248ce400afd82c6eca2ec

SHA512
4ddcffe876817b97f544324c484eb8dabdb9085929fdb5979a915b4fd1be098efda616008514d674168766a5670cf966dcf2461fa8afde0673e02387ba2b390f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe

Filesize
188KB

MD5
35dc1aaa89fce58443f4c69610e33b53

SHA1
893c170d66115121447f79456254b31498292660

SHA256
c981e1b7d119647f5e23e81f841de77719174645637a7171b6129f76b914b261

SHA512
593b976c1f68274416a3e944cf0d6eda5e8c9e23f79903246e3fbdc79a82853ca01bc0b2caabeff9e1ca2fa9a6b2ab1ccc9bc032537b1836c00a70fbf417e440

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe

Filesize
188KB

MD5
e96e6fe7222cb0004d98885f138ae0b2

SHA1
b1692497fbff3de599b28f6c4a15038fae45d041

SHA256
c611c2126b06dadef8a5cd887c7970d23f641dbb4631a210170946c912798a95

SHA512
c74c283f03316306a207e137e35a285eebbb9a1a63a79c8cc126b69a692da2653d7151ffb2f981274eefaf86c4fc02da52866171ec355af615f572cb3b252441

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe

Filesize
188KB

MD5
bce489189764bb2618c042819306b8d2

SHA1
86436ad637c61069707c6f9fde28f3351b55ac12

SHA256
70854417091bd97926329bbd816feb39eb0dc1d16e5e5fba7540152d1617d2e2

SHA512
b7e9aa848f00843d19d99b14a230b9e2fbf5816c0f22729163011ff3a1e780d0c26f7893e05174f41bd245cde992a5081eb8ff88434795974724d11d6a16f8a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe

Filesize
188KB

MD5
3f338a084ccc1d4df856e7d4b7e497c7

SHA1
2cf2406eeee0503c7ecdf2e17a93fac0e344eaf4

SHA256
b7e4b0bd05b81cbed42d50f6795c7f19806dc01c86e562e93be4c7496550cf0f

SHA512
f630a9cd4b4b21c5a2d81debb7cbaa6ca220e2eff4a00035f1def16eb066a667e331921cc010595eb19d42aa317f7f08c326fbb2ff688b1035e54de7985ceaa2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe

Filesize
188KB

MD5
2c6eeca075477df9528124579acc6ec1

SHA1
ef775bb1e00fd202e42551cb89075d118f5591ac

SHA256
316a72bbc6077d432b3fe35aa7ad3ebe2b78ed4274d7d9d5bb972bf5f54c08f7

SHA512
51fad232d49a42d287cd8373dab04b2fa0b8c4d6f1b11c07af10bf2a421bd06a2c91a99415e10e50c9a04d1a8041255c3d57d570c63bae965464542cd71e3a48

Download Submit